Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
A download of code without integrity check vulnerability in PLCnext products allows an remote... High Unreviewed
CVE-2023-46144 was published Dec 14, 2023
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint... Moderate Unreviewed
CVE-2021-3485 was published May 24, 2022
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
Cargo prior to Rust 1.26.0 may download the wrong dependency High
CVE-2019-16760 was published for cargo (Rust) May 24, 2022
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the... High Unreviewed
CVE-2024-33118 was published May 6, 2024
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files... Critical Unreviewed
CVE-2024-27438 was published Mar 21, 2024
A vulnerability allows attackers to download source code or an executable from a remote location... Critical Unreviewed
CVE-2023-41921 was published Jul 2, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... High Unreviewed
CVE-2024-30206 was published May 14, 2024
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39474 was published May 3, 2024
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes... Critical Unreviewed
CVE-2024-28878 was published Apr 12, 2024
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and... Critical Unreviewed
CVE-2018-5409 was published May 24, 2022
Synel Terminals - CWE-494: Download of Code Without Integrity Check Critical Unreviewed
CVE-2023-37220 was published Sep 3, 2023
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian... Critical Unreviewed
CVE-2023-40254 was published Aug 11, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with... High Unreviewed
CVE-2023-37864 was published Aug 9, 2023
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0... High Unreviewed
CVE-2023-22635 was published Apr 11, 2023
An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message... High Unreviewed
CVE-2020-9759 was published May 24, 2022
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where... High Unreviewed
CVE-2019-3977 was published May 24, 2022
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN... High Unreviewed
CVE-2019-13534 was published May 24, 2022
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that... High Unreviewed
CVE-2019-12809 was published May 24, 2022
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an... Critical Unreviewed
CVE-2019-3801 was published May 24, 2022
WP Crontrol vulnerable to possible RCE when combined with a pre-condition High
CVE-2024-28850 was published for johnbillion/wp-crontrol (Composer) Mar 25, 2024
johnbillion calvinalkan
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development... High Unreviewed
CVE-2019-9534 was published May 24, 2022
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the... High Unreviewed
CVE-2008-3438 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database