GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
334 advisories
Filter by severity
vantage6-server node accepts non-whitelisted algorithms from malicious server
High
CVE-2023-47631
was published
for
vantage6-server
(pip)
Nov 14, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High
Unreviewed
CVE-2023-5747
was published
Nov 13, 2023
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate
CVE-2023-5548
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation...
Critical
Unreviewed
CVE-2023-4699
was published
Nov 6, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote...
High
Unreviewed
CVE-2023-5482
was published
Nov 1, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High
CVE-2023-43800
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
When the Node.js policy feature checks the integrity of a resource against a trusted manifest,...
High
Unreviewed
CVE-2023-38552
was published
Oct 18, 2023
Insufficient Verification of Data Authenticity in Apache InLong
Moderate
CVE-2023-43666
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version...
Moderate
Unreviewed
CVE-2023-42782
was published
Oct 10, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on...
High
Unreviewed
CVE-2023-5450
was published
Oct 10, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between...
Moderate
Unreviewed
CVE-2023-5366
was published
Oct 6, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,...
Moderate
Unreviewed
CVE-2023-3920
was published
Sep 29, 2023
Kubernetes users may update Pod labels to bypass network policy
Moderate
CVE-2023-39347
was published
for
github.com/cilium/cilium
(Go)
Sep 26, 2023
Composer allows cache poisoning from other projects built on the same host
High
CVE-2015-8371
was published
for
composer/composer
(Composer)
Sep 21, 2023
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing
the...
High
Unreviewed
CVE-2023-43636
was published
Sep 20, 2023
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High
Unreviewed
CVE-2023-20236
was published
Sep 13, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10...
High
Unreviewed
CVE-2023-4589
was published
Sep 6, 2023
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate
Unreviewed
CVE-2023-35719
was published
Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper...
High
Unreviewed
CVE-2023-35906
was published
Sep 5, 2023
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to...
High
Unreviewed
CVE-2023-38831
was published
Aug 23, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of...
High
Unreviewed
CVE-2023-22955
was published
Aug 11, 2023
ProTip!
Advisories are also available from the
GraphQL API