Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and... Moderate Unreviewed
CVE-2024-27267 was published Aug 14, 2024
ntlk unsafe deserialization vulnerability High
CVE-2024-39705 was published for nltk (pip) Jun 28, 2024
justinrosenthal ekaf
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG... High Unreviewed
CVE-2024-32049 was published May 8, 2024
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man... Critical Unreviewed
CVE-2019-19755 was published Apr 30, 2024
easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which... Unknown Unreviewed
CVE-2019-19751 was published Apr 30, 2024
dectalk-tts Uses Unencrypted HTTP Request High
CVE-2024-31206 was published for dectalk-tts (npm) Apr 4, 2024
AverageHelper JstnMcBrd
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0... Moderate Unreviewed
CVE-2023-47742 was published Mar 3, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... High Unreviewed
CVE-2023-31004 was published Feb 3, 2024
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept... Moderate Unreviewed
CVE-2023-7008 was published Dec 23, 2023
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks High
GHSA-j3rq-4xjw-xg63 was published for github.com/edgelesssys/marblerun (Go) Dec 4, 2023
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of... High Unreviewed
CVE-2023-32634 was published Oct 12, 2023
Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network... Moderate Unreviewed
CVE-2023-4885 was published Oct 3, 2023
Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle ... High Unreviewed
CVE-2023-2885 was published May 25, 2023
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL... Moderate Unreviewed
CVE-2023-2310 was published May 10, 2023
In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021),... High Unreviewed
CVE-2021-41033 was published May 24, 2022
When an authenticated password change request takes place, this vulnerability could allow the... High Unreviewed
CVE-2021-32926 was published May 24, 2022
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to... High Unreviewed
CVE-2021-22909 was published May 24, 2022
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to... Moderate Unreviewed
CVE-2021-22890 was published May 24, 2022
containernetworking/plugins vulnerable to MitM attacks Moderate
CVE-2020-10749 was published for github.com/containernetworking/plugins (Go) May 24, 2022
Missing SSH host key validation in Jenkins Amazon EC2 Plugin Moderate
CVE-2020-2185 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle... Moderate Unreviewed
CVE-2019-3981 was published May 24, 2022
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a... High Unreviewed
CVE-2019-14899 was published May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0... Critical Unreviewed
CVE-2019-3793 was published May 24, 2022
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017... Moderate Unreviewed
CVE-2017-15085 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API