Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
A ZTE's product of the transport network access layer has a security vulnerability. Because the... Moderate Unreviewed
CVE-2021-21739 was published May 24, 2022
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant... Moderate Unreviewed
CVE-2021-38597 was published May 24, 2022
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode... Moderate Unreviewed
CVE-2021-34572 was published May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity... Moderate Unreviewed
CVE-2021-38396 was published May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22460 was published May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted... Moderate Unreviewed
CVE-2020-23906 was published May 24, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all... Moderate Unreviewed
CVE-2019-5587 was published May 24, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed
CVE-2022-37928 was published Dec 12, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2022-0031 was published Nov 9, 2022
This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed
CVE-2021-27759 was published May 7, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed
CVE-2014-0364 was published May 13, 2022
IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed
CVE-2016-3016 was published May 13, 2022
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. Moderate Unreviewed
CVE-2018-17938 was published May 13, 2022
Denial of Service in SheetJS Pro Moderate
CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021
Improperly Implemented path matching for in-toto-golang Moderate
CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) Sep 22, 2021
pxp928
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient... Moderate Unreviewed
CVE-2018-10626 was published May 13, 2022
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other... Moderate Unreviewed
CVE-2017-1405 was published May 13, 2022
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software... Moderate Unreviewed
CVE-2017-12740 was published May 13, 2022
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional... Moderate Unreviewed
CVE-2020-9885 was published May 24, 2022
A content spoofing vulnerability in the following components allows to render html pages... Moderate Unreviewed
CVE-2018-2434 was published May 13, 2022
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote... Moderate Unreviewed
CVE-2015-0251 was published May 14, 2022
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle... Moderate Unreviewed
CVE-2017-1773 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database