GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,645
Composer 4,233
Erlang 31
GitHub Actions 20
Go 1,992
Maven 5,179
npm 3,709
NuGet 661
pip 3,346
Pub 11
RubyGems 884
Rust 846
Swift 36

Unreviewed advisories

All unreviewed 235,004

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

133 advisories

Filter by severity

Sort by

Least recently updated

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed

CVE-2022-37928 was published Dec 12, 2022

Lack of root file system integrity checking in Fortinet FortiOS VM application images all... Moderate Unreviewed

CVE-2019-5587 was published May 24, 2022

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted... Moderate Unreviewed

CVE-2020-23906 was published May 24, 2022

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed

CVE-2021-22460 was published May 24, 2022

The programmer installation utility does not perform a cryptographic authenticity or integrity... Moderate Unreviewed

CVE-2021-38396 was published May 24, 2022

Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode... Moderate Unreviewed

CVE-2021-34572 was published May 24, 2022

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant... Moderate Unreviewed

CVE-2021-38597 was published May 24, 2022

A ZTE's product of the transport network access layer has a security vulnerability. Because the... Moderate Unreviewed

CVE-2021-21739 was published May 24, 2022

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed

CVE-2021-22419 was published May 24, 2022

Insufficient Data Verification in io.really:jwt-scala Moderate

CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the... Moderate Unreviewed

CVE-2021-21588 was published May 24, 2022

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock... Moderate Unreviewed

CVE-2021-23998 was published May 24, 2022

Address bar search suggestions in private browsing mode were re-using session data from normal... Moderate Unreviewed

CVE-2021-29963 was published May 24, 2022

wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0... Moderate Unreviewed

CVE-2021-32665 was published May 24, 2022

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,... Moderate Unreviewed

CVE-2021-22339 was published May 24, 2022

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a... Moderate Unreviewed

CVE-2020-1755 was published Aug 17, 2022

There is an information disclosure vulnerability in several smartphones. The device does not... Moderate Unreviewed

CVE-2020-9109 was published May 24, 2022

IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using... Moderate Unreviewed

CVE-2020-11985 was published May 24, 2022

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart... Moderate Unreviewed

CVE-2020-6081 was published May 24, 2022

** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from... Moderate Unreviewed

CVE-2020-12063 was published May 24, 2022

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that... Moderate Unreviewed

CVE-2020-11539 was published May 24, 2022

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed

CVE-2020-6443 was published May 24, 2022

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the... Moderate Unreviewed

CVE-2019-8921 was published Nov 30, 2021

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV... Moderate Unreviewed

CVE-2021-40491 was published May 24, 2022

In SAP NetWeaver Process Integration (AS2 Adapter), before versions 1.0 and 2.0, the attacker is... Moderate Unreviewed

CVE-2019-0379 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

133 advisories