GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
155 advisories
Nimbus JOSE+JWT missing overflow check
High | CVE-2017-12972 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle...
High | Unreviewed | CVE-2020-1677 was published May 24, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353...
High | Unreviewed | CVE-2022-2793 was published Aug 20, 2022

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed...
High | Unreviewed | CVE-2020-26893 was published May 24, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High | Unreviewed | CVE-2020-17426 was published May 24, 2022

show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File...
High | Unreviewed | CVE-2021-31783 was published May 24, 2022

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files...
High | Unreviewed | CVE-2021-29239 was published May 24, 2022

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an...
High | Unreviewed | CVE-2020-24395 was published May 24, 2022

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows...
High | Unreviewed | CVE-2021-33887 was published May 24, 2022

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The...
High | Unreviewed | CVE-2021-33712 was published May 24, 2022

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series...
High | Unreviewed | CVE-2021-1586 was published May 24, 2022

A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows...
High | Unreviewed | CVE-2020-19769 was published May 24, 2022

A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows...
High | Unreviewed | CVE-2020-19768 was published May 24, 2022

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or...
High | Unreviewed | CVE-2021-26610 was published May 24, 2022

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently...
High | Unreviewed | CVE-2021-26315 was published May 24, 2022

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during...
High | Unreviewed | CVE-2022-38625 was published Aug 30, 2022

CodeIgniter4 allows spoofing of IP address when using proxy
High | CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022

An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon...
High | Unreviewed | CVE-2018-7798 was published May 13, 2022

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in...
High | Unreviewed | CVE-2019-1000012 was published May 13, 2022

Invalid root may become trusted root in The Update Framework (TUF)
High | CVE-2020-15163 was published for tuf (pip) Sep 9, 2020

Insufficient Verification of Data Authenticity in Eclipse Theia
High | CVE-2019-17636 was published for @theia/mini-browser (npm) Apr 13, 2021

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV...
High | Unreviewed | CVE-2019-0805 was published May 13, 2022

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks...
High | Unreviewed | CVE-2017-11103 was published May 13, 2022

An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface...
High | Unreviewed | CVE-2021-26103 was published Dec 9, 2021

GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the...
High | Unreviewed | CVE-2019-7323 was published May 13, 2022