Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,071
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could... Moderate Unreviewed
CVE-2023-0350 was published Mar 13, 2023
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the... High Unreviewed
CVE-2017-20180 was published Mar 6, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30... Moderate Unreviewed
CVE-2023-21441 was published Feb 9, 2023
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network ... High Unreviewed
CVE-2023-22315 was published Jan 31, 2023
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a... Moderate Unreviewed
CVE-2021-26396 was published Jan 11, 2023
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware... High Unreviewed
CVE-2022-30260 was published Dec 26, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed
CVE-2022-26579 was published Dec 17, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed
CVE-2022-37928 was published Dec 12, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager... Moderate Unreviewed
CVE-2022-39909 was published Dec 8, 2022
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to... High Unreviewed
CVE-2022-31877 was published Nov 28, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in... High Unreviewed
CVE-2022-41156 was published Nov 25, 2022
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs Moderate
CVE-2022-39199 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2022-0031 was published Nov 9, 2022
Remote desktop takeover via phishing Critical Unreviewed
CVE-2022-27513 was published Nov 9, 2022
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient,... High Unreviewed
CVE-2022-26122 was published Nov 2, 2022
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16... Low Unreviewed
CVE-2022-34845 was published Oct 25, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... High Unreviewed
CVE-2022-36360 was published Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database