GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,400
Composer 4,386
Erlang 33
GitHub Actions 22
Go 2,141
Maven 5,315
npm 3,803
NuGet 687
pip 3,480
Pub 12
RubyGems 897
Rust 898
Swift 38

Unreviewed advisories

All unreviewed 245,808

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

342 advisories

Filter by severity

Sort by

Least recently updated

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To... Moderate Unreviewed

CVE-2020-12413 was published Feb 17, 2023

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use... Moderate Unreviewed

CVE-2022-42288 was published Jan 13, 2023

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue... Moderate Unreviewed

CVE-2022-4543 was published Jan 11, 2023

In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed

CVE-2022-30332 was published Jan 10, 2023

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote... Moderate Unreviewed

CVE-2022-4025 was published Jan 3, 2023

A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is... Moderate Unreviewed

CVE-2022-4823 was published Dec 28, 2022

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x... Moderate Unreviewed

CVE-2022-41765 was published Dec 26, 2022

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was... Moderate Unreviewed

CVE-2022-26382 was published Dec 22, 2022

Service Workers should not be able to infer information about opaque cross-origin responses; but... Moderate Unreviewed

CVE-2022-45403 was published Dec 22, 2022

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread... Moderate Unreviewed

CVE-2022-45416 was published Dec 22, 2022

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is... Moderate Unreviewed

CVE-2022-20538 was published Dec 19, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access... Moderate Unreviewed

CVE-2022-46392 was published Dec 16, 2022

A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability... Moderate Unreviewed

CVE-2022-4087 was published Nov 21, 2022

An information-disclosure vulnerability exists on select NXP devices when configured in Serial... Moderate Unreviewed

CVE-2022-45163 was published Nov 19, 2022

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow... Moderate Unreviewed

CVE-2022-20940 was published Nov 16, 2022

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in... Moderate Unreviewed

CVE-2020-35473 was published Nov 8, 2022

Observable discrepancies in the login process allow an attacker to guess legitimate user names... Moderate Unreviewed

CVE-2021-45925 was published Oct 24, 2022

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based... Moderate Unreviewed

CVE-2022-2891 was published Oct 11, 2022

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which... Moderate Unreviewed

CVE-2022-35888 was published Sep 30, 2022

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the... Moderate Unreviewed

CVE-2022-32218 was published Sep 25, 2022

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to... Moderate Unreviewed

CVE-2022-1989 was published Aug 24, 2022

Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed

CVE-2022-34623 was published Aug 20, 2022

In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20324 was published Aug 13, 2022

In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20293 was published Aug 13, 2022

In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed

CVE-2022-20291 was published Aug 13, 2022

Previous 1 2 … 5 6 7 8 9 … 13 14 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

342 advisories