Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
All firmware versions of the NPort 5000 Series are affected by an improper validation of... High Unreviewed
CVE-2023-4929 was published Oct 3, 2023
Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00... High Unreviewed
CVE-2023-30356 was published May 10, 2023
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream... High Unreviewed
CVE-2022-24404 was published Oct 19, 2023
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access... Critical Unreviewed
CVE-2023-33668 was published Jul 12, 2023
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3... Moderate Unreviewed
CVE-2023-30673 was published Jul 6, 2023
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private... Moderate Unreviewed
CVE-2023-33981 was published May 24, 2023
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before... High Unreviewed
CVE-2019-18672 was published May 24, 2022
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a... High Unreviewed
CVE-2019-13496 was published May 24, 2022
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving... High Unreviewed
CVE-2019-11753 was published May 24, 2022
A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka ... Moderate Unreviewed
CVE-2019-1163 was published May 24, 2022
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange... Low Unreviewed
CVE-2019-10155 was published May 24, 2022
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in... Moderate Unreviewed
CVE-2023-31437 was published Jun 13, 2023
When curl is instructed to download content using the metalink feature, thecontents is verified... High Unreviewed
CVE-2021-22922 was published May 24, 2022
Improper Input Validation vulnerability in the upload functionality for user avatars allows... Low Unreviewed
CVE-2024-23790 was published Jan 29, 2024
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could... Moderate Unreviewed
CVE-2023-20233 was published Sep 13, 2023
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to... Moderate Unreviewed
CVE-2023-42143 was published Jan 23, 2024
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
AsyncSSH Rogue Extension Negotiation Moderate
CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a... Moderate Unreviewed
CVE-2023-31439 was published Jun 13, 2023
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then... Moderate Unreviewed
CVE-2023-31438 was published Jun 13, 2023
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers... High Unreviewed
CVE-2023-36650 was published Dec 12, 2023
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an... Moderate Unreviewed
CVE-2023-28802 was published Nov 21, 2023
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial... High Unreviewed
CVE-2023-38802 was published Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database