Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,653
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant... Moderate Unreviewed
CVE-2021-38597 was published May 24, 2022
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series... High Unreviewed
CVE-2021-1586 was published May 24, 2022
A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows... High Unreviewed
CVE-2020-19769 was published May 24, 2022
A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows... High Unreviewed
CVE-2020-19768 was published May 24, 2022
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode... Moderate Unreviewed
CVE-2021-34572 was published May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity... Moderate Unreviewed
CVE-2021-38396 was published May 24, 2022
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16... Low Unreviewed
CVE-2022-34845 was published Oct 25, 2022
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or... High Unreviewed
CVE-2021-26610 was published May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22460 was published May 24, 2022
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if... Critical Unreviewed
CVE-2021-43616 was published May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted... Moderate Unreviewed
CVE-2020-23906 was published May 24, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all... Moderate Unreviewed
CVE-2019-5587 was published May 24, 2022
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently... High Unreviewed
CVE-2021-26315 was published May 24, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed
CVE-2022-37928 was published Dec 12, 2022
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the... Critical Unreviewed
CVE-2022-36130 was published Sep 2, 2022
Remote desktop takeover via phishing Critical Unreviewed
CVE-2022-27513 was published Nov 9, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2022-0031 was published Nov 9, 2022
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during... High Unreviewed
CVE-2022-38625 was published Aug 30, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed
CVE-2021-27759 was published May 7, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon... High Unreviewed
CVE-2018-7798 was published May 13, 2022
Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in... High Unreviewed
CVE-2019-1000012 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database