Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,071
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
Ansible does not verify that the server hostname matches a domain name in certificates High
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Insufficient Verification of Data Authenticity in Eclipse Theia High
CVE-2019-17636 was published for @theia/mini-browser (npm) Apr 13, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault High
CVE-2020-16250 was published for github.com/hashicorp/vault (Go) Aug 2, 2021
Missing validation during checkpoint loading High
CVE-2021-41203 was published for tensorflow (pip) Nov 10, 2021
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface... High Unreviewed
CVE-2021-26103 was published Dec 9, 2021
dnslib has DNS reply verification issue High
CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused... High Unreviewed
CVE-2020-14111 was published Mar 11, 2022
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a... High Unreviewed
CVE-2021-4031 was published Mar 19, 2022
Insufficient Verification of input Data leading to arbitrary file download and execute was... High Unreviewed
CVE-2021-26625 was published Apr 20, 2022
Authorized users may install a maliciously modified package file when updating the device via the... High Unreviewed
CVE-2022-26516 was published Apr 21, 2022
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive... High Unreviewed
CVE-2022-20795 was published Apr 22, 2022
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by... High Unreviewed
CVE-2020-14116 was published Apr 22, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed
CVE-2018-7798 was published May 13, 2022
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed
CVE-2019-1000012 was published May 13, 2022
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV... High Unreviewed
CVE-2019-0805 was published May 13, 2022
GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the... High Unreviewed
CVE-2019-7323 was published May 13, 2022
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks... High Unreviewed
CVE-2017-11103 was published May 13, 2022
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host... High Unreviewed
CVE-2016-4553 was published May 13, 2022
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin... High Unreviewed
CVE-2016-4554 was published May 13, 2022
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for... High Unreviewed
CVE-2015-7539 was published May 13, 2022
Nimbus JOSE+JWT missing overflow check High
CVE-2017-12972 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State... High Unreviewed
CVE-2017-3224 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database