GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
132 advisories
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a...
Moderate
Unreviewed
CVE-2021-26396 was published Jan 11, 2023
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to...
Moderate
Unreviewed
CVE-2022-26579 was published Dec 17, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE...
Moderate
Unreviewed
CVE-2022-37928 was published Dec 12, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager...
Moderate
Unreviewed
CVE-2022-39909 was published Dec 8, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate
CVE-2022-39199 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine...
Moderate
Unreviewed
CVE-2022-0031 was published Nov 9, 2022
It was found that a specially crafted LUKS header could trick cryptsetup into disabling...
Moderate
Unreviewed
CVE-2021-4122 was published Aug 25, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345...
Moderate
Unreviewed
CVE-2022-2789 was published Aug 20, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a...
Moderate
Unreviewed
CVE-2020-1755 was published Aug 17, 2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated...
Moderate
Unreviewed
CVE-2022-31598 was published Jul 13, 2022
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate
Unreviewed
CVE-2022-28385 was published Jun 9, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all...
Moderate
Unreviewed
CVE-2019-5587 was published May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted...
Moderate
Unreviewed
CVE-2020-23906 was published May 24, 2022
A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22460 was published May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity...
Moderate
Unreviewed
CVE-2021-38396 was published May 24, 2022
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using...
Moderate
Unreviewed
CVE-2021-22947 was published May 24, 2022
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode...
Moderate
Unreviewed
CVE-2021-34572 was published May 24, 2022
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV...
Moderate
Unreviewed
CVE-2021-40491 was published May 24, 2022
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant...
Moderate
Unreviewed
CVE-2021-38597 was published May 24, 2022
A ZTE's product of the transport network access layer has a security vulnerability. Because the...
Moderate
Unreviewed
CVE-2021-21739 was published May 24, 2022
A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability....
Moderate
Unreviewed
CVE-2021-22419 was published May 24, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the...
Moderate
Unreviewed
CVE-2021-21588 was published May 24, 2022