GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,653
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
334 advisories
Filter by severity
Nimbus JOSE+JWT missing overflow check
High
CVE-2017-12972
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle...
High
Unreviewed
CVE-2020-1677
was published
May 24, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353...
High
Unreviewed
CVE-2022-2793
was published
Aug 20, 2022
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing...
Critical
Unreviewed
CVE-2019-17006
was published
May 24, 2022
There is an information disclosure vulnerability in several smartphones. The device does not...
Moderate
Unreviewed
CVE-2020-9109
was published
May 24, 2022
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed...
High
Unreviewed
CVE-2020-26893
was published
May 24, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2020-17426
was published
May 24, 2022
There is a improper privilege management vulnerability in some Huawei smartphone. Successful...
Critical
Unreviewed
CVE-2020-9141
was published
May 24, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a...
Moderate
Unreviewed
CVE-2020-1755
was published
Aug 17, 2022
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP...
Critical
Unreviewed
CVE-2020-26547
was published
May 24, 2022
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem...
Critical
Unreviewed
CVE-2022-30264
was published
Aug 17, 2022
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File...
High
Unreviewed
CVE-2021-31783
was published
May 24, 2022
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files...
High
Unreviewed
CVE-2021-29239
was published
May 24, 2022
The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an...
High
Unreviewed
CVE-2020-24395
was published
May 24, 2022
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows...
High
Unreviewed
CVE-2021-33887
was published
May 24, 2022
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5...
Critical
Unreviewed
CVE-2020-28900
was published
May 24, 2022
A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The...
High
Unreviewed
CVE-2021-33712
was published
May 24, 2022
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,...
Moderate
Unreviewed
CVE-2021-22339
was published
May 24, 2022
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0...
Moderate
Unreviewed
CVE-2021-32665
was published
May 24, 2022
Address bar search suggestions in private browsing mode were re-using session data from normal...
Moderate
Unreviewed
CVE-2021-29963
was published
May 24, 2022
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock...
Moderate
Unreviewed
CVE-2021-23998
was published
May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the...
Moderate
Unreviewed
CVE-2021-21588
was published
May 24, 2022
Insufficient Data Verification in io.really:jwt-scala
Moderate
CVE-2017-10862
was published
for
io.really:jwt-scala
(Maven)
May 17, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22419
was published
May 24, 2022
A ZTE's product of the transport network access layer has a security vulnerability. Because the...
Moderate
Unreviewed
CVE-2021-21739
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API