GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
128 advisories
A ZTE's product of the transport network access layer has a security vulnerability. Because the...
Moderate, Unreviewed. CVE-2021-21739 was published May 24, 2022

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant...
Moderate, Unreviewed. CVE-2021-38597 was published May 24, 2022

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode...
Moderate, Unreviewed. CVE-2021-34572 was published May 24, 2022

The programmer installation utility does not perform a cryptographic authenticity or integrity...
Moderate, Unreviewed. CVE-2021-38396 was published May 24, 2022

A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability....
Moderate, Unreviewed. CVE-2021-22460 was published May 24, 2022

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted...
Moderate, Unreviewed. CVE-2020-23906 was published May 24, 2022

Lack of root file system integrity checking in Fortinet FortiOS VM application images all...
Moderate, Unreviewed. CVE-2019-5587 was published May 24, 2022

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE...
Moderate, Unreviewed. CVE-2022-37928 was published Dec 12, 2022

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine...
Moderate, Unreviewed. CVE-2022-0031 was published Nov 9, 2022

This vulnerability arises because the application allows the user to perform some sensitive...
Moderate, Unreviewed. CVE-2021-27759 was published May 7, 2022

Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate. CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges...
Moderate, Unreviewed. CVE-2021-26368 was published May 13, 2022

Forced Logout in keycloak-connect
Moderate. CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019

The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify...
Moderate, Unreviewed. CVE-2014-0364 was published May 13, 2022

IBM Security Access Manager for Web processes patches, image backups and other updates without...
Moderate, Unreviewed. CVE-2016-3016 was published May 13, 2022

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
Moderate, Unreviewed. CVE-2018-17938 was published May 13, 2022

Denial of Service in SheetJS Pro
Moderate. CVE-2021-32014 was published for org.webjars.npm:xlsx (Maven) Jul 22, 2021

Improperly Implemented path matching for in-toto-golang
Moderate. CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) Sep 22, 2021

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient...
Moderate, Unreviewed. CVE-2018-10626 was published May 13, 2022

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other...
Moderate, Unreviewed. CVE-2017-1405 was published May 13, 2022

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software...
Moderate, Unreviewed. CVE-2017-12740 was published May 13, 2022

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional...
Moderate, Unreviewed. CVE-2020-9885 was published May 24, 2022

A content spoofing vulnerability in the following components allows to render html pages...
Moderate, Unreviewed. CVE-2018-2434 was published May 13, 2022

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote...
Moderate, Unreviewed. CVE-2015-0251 was published May 14, 2022

IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle...
Moderate, Unreviewed. CVE-2017-1773 was published May 14, 2022