Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

435 advisories

Loading
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode... Moderate Unreviewed
CVE-2021-34572 was published May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity... Moderate Unreviewed
CVE-2021-38396 was published May 24, 2022
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16... Low Unreviewed
CVE-2022-34845 was published Oct 25, 2022
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or... High Unreviewed
CVE-2021-26610 was published May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22460 was published May 24, 2022
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if... Critical Unreviewed
CVE-2021-43616 was published May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted... Moderate Unreviewed
CVE-2020-23906 was published May 24, 2022
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently... High Unreviewed
CVE-2021-26315 was published May 24, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all... Moderate Unreviewed
CVE-2019-5587 was published May 24, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed
CVE-2022-37928 was published Dec 12, 2022
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the... Critical Unreviewed
CVE-2022-36130 was published Sep 2, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2022-0031 was published Nov 9, 2022
Remote desktop takeover via phishing Critical Unreviewed
CVE-2022-27513 was published Nov 9, 2022
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during... High Unreviewed
CVE-2022-38625 was published Aug 30, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed
CVE-2021-27759 was published May 7, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed
CVE-2018-7798 was published May 13, 2022
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed
CVE-2019-1000012 was published May 13, 2022
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before... Critical Unreviewed
CVE-2015-6854 was published May 13, 2022
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3... Critical Unreviewed
CVE-2015-6853 was published May 13, 2022
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed
CVE-2014-0364 was published May 13, 2022
IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed
CVE-2016-3016 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database