GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
Some Honor products are affected by signature management vulnerability, successful exploitation...
High
Unreviewed
CVE-2023-23431
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate
Unreviewed
CVE-2023-23433
was published
Dec 29, 2023
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated...
Moderate
Unreviewed
CVE-2023-49646
was published
Dec 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an...
Moderate
Unreviewed
CVE-2023-20567
was published
Nov 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an...
Moderate
Unreviewed
CVE-2023-20568
was published
Nov 14, 2023
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
Moderate
CVE-2023-47122
was published
for
github.com/sigstore/gitsign
(Go)
Nov 14, 2023
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High
Unreviewed
CVE-2023-5747
was published
Nov 13, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...
High
Unreviewed
CVE-2023-34058
was published
Oct 27, 2023
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
Moderate
Unreviewed
CVE-2023-28804
was published
Oct 23, 2023
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
High
Unreviewed
CVE-2023-28796
was published
Oct 23, 2023
free5GC udm vulnerable to Invalid Curve Attack
High
CVE-2023-46324
was published
for
github.com/free5gc/udm
(Go)
Oct 23, 2023
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an...
High
Unreviewed
CVE-2022-25333
was published
Oct 19, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating...
High
Unreviewed
CVE-2023-43611
was published
Oct 10, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
High
Unreviewed
CVE-2023-40727
was published
Sep 14, 2023
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated,...
High
Unreviewed
CVE-2023-20135
was published
Sep 13, 2023
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High
Unreviewed
CVE-2023-20236
was published
Sep 13, 2023
Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High
Unreviewed
CVE-2023-41744
was published
Aug 31, 2023
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler...
Critical
Unreviewed
CVE-2023-28801
was published
Aug 31, 2023
Archive spoofing vulnerability in borgbackup
Moderate
CVE-2023-36811
was published
for
borgbackup
(pip)
Aug 30, 2023
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM),...
High
Unreviewed
CVE-2023-20266
was published
Aug 30, 2023
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
ProTip!
Advisories are also available from the
GraphQL API