GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
74 advisories
Filter by severity
Openstack Neutron has Insufficient Verification of IPv6 addresses
High
CVE-2021-20267
was published
for
neutron
(pip)
May 24, 2022
Incorrect header handling in mod-wsgi
High
CVE-2022-2255
was published
for
mod-wsgi
(pip)
Aug 26, 2022
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
dnslib has DNS reply verification issue
High
CVE-2022-22846
was published
for
dnslib
(pip)
Jan 12, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
Ansible does not verify that the server hostname matches a domain name in certificates
High
CVE-2015-3908
was published
for
ansible
(pip)
Oct 10, 2018
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
Hex authenticity of signed packages not validated
High
CVE-2019-1000013
was published
for
hex_core
(Erlang)
May 13, 2022
Drupal Incorrect cache context on password reset page
High
CVE-2016-9450
was published
for
drupal/core
(Composer)
May 17, 2022
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
aiosmtpd vulnerable to SMTP smuggling
Moderate
CVE-2024-27305
was published
for
aiosmtpd
(pip)
Mar 13, 2024
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
Magento 2 Community Edition Insufficient Logging
Moderate
CVE-2019-8124
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API