Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware... High Unreviewed
CVE-2022-30260 was published Dec 26, 2022
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network ... High Unreviewed
CVE-2023-22315 was published Jan 31, 2023
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the... High Unreviewed
CVE-2017-20180 was published Mar 6, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27982 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27977 was published Mar 21, 2023
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server... High Unreviewed
CVE-2023-27979 was published Mar 21, 2023
A man in the middle can redirect traffic to a malicious server in a compromised configuration. High Unreviewed
CVE-2023-26467 was published Apr 11, 2023
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2023-31502 was published May 12, 2023
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto... High Unreviewed
CVE-2023-2866 was published Jun 7, 2023
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may... High Unreviewed
CVE-2023-34113 was published Jun 13, 2023
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to... High Unreviewed
CVE-2023-30759 was published Jun 19, 2023
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow... High Unreviewed
CVE-2022-46370 was published Jul 6, 2023
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be... High Unreviewed
CVE-2022-48431 was published Jul 6, 2023
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity... High Unreviewed
CVE-2023-3663 was published Aug 3, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5... High Unreviewed
CVE-2023-36541 was published Aug 8, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of... High Unreviewed
CVE-2023-22955 was published Aug 11, 2023
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to... High Unreviewed
CVE-2023-38831 was published Aug 23, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper... High Unreviewed
CVE-2023-35906 was published Sep 5, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10... High Unreviewed
CVE-2023-4589 was published Sep 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database