Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
secp256k1-node allows private key extraction over ECDH High
CVE-2024-48930 was published for secp256k1 (npm) Oct 21, 2024
ChALkeR jprichardson
OpenStack Ironic fails to verify checksums of supplied image_source URLs Moderate
CVE-2024-47211 was published for ironic (pip) Oct 4, 2024
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
AsyncSSH Rogue Extension Negotiation Moderate
CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees Moderate
CVE-2023-34459 was published for @openzeppelin/contracts (npm) Jun 19, 2023
OpenZeppelin Contracts vulnerable to ECDSA signature malleability High
CVE-2022-35961 was published for @openzeppelin/contracts (npm) Aug 18, 2022
Improper Validation of Integrity Check Value in go-tuf High
CVE-2022-29173 was published for github.com/theupdateframework/go-tuf (Go) May 24, 2022
rdimitrov
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack Low
CVE-2017-12973 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
Improper Validation of Integrity Check Value in Bouncy Castle Moderate
CVE-2018-5382 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Improper Validation of Integrity Check Value in TensorFlow High
GHSA-43q8-3fv7-pr5x was published for tensorflow (pip) Feb 9, 2022
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Incomplete validation of shapes in multiple TF ops High
CVE-2021-41206 was published for tensorflow (pip) Nov 10, 2021
tlslite-ng off-by-one error on mac checking High
CVE-2018-1000159 was published for tlslite-ng (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database