GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
103 advisories
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash....
High | Unreviewed | CVE-2020-25862 was published May 24, 2022

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host...
Moderate | Unreviewed | CVE-2020-5964 was published May 24, 2022

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows...
Moderate | Unreviewed | CVE-2020-8838 was published May 24, 2022

There is an improper integrity checking vulnerability on some Huawei products. The software of...
Low | Unreviewed | CVE-2020-1879 was published May 24, 2022

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before...
High | Unreviewed | CVE-2019-18672 was published May 24, 2022

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a...
High | Unreviewed | CVE-2019-13496 was published May 24, 2022

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving...
High | Unreviewed | CVE-2019-11753 was published May 24, 2022

A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka ...
Moderate | Unreviewed | CVE-2019-1163 was published May 24, 2022

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange...
Low | Unreviewed | CVE-2019-10155 was published May 24, 2022

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity...
Moderate | Unreviewed | CVE-2017-9498 was published May 13, 2022

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3...
High | Unreviewed | CVE-2017-4961 was published May 13, 2022

The Lenovo Service Framework Android application uses a set of nonsecure credentials when...
High | Unreviewed | CVE-2017-3760 was published May 13, 2022

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for...
Critical | Unreviewed | CVE-2017-15994 was published May 13, 2022

Nimbus JOSE+JWT vulnerable to padding oracle attack
Low | CVE-2017-12973 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third...
High | Unreviewed | CVE-2018-6336 was published May 13, 2022

Improper Validation of Integrity Check Value in Bouncy Castle
Moderate | CVE-2018-5382 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration...
Critical | Unreviewed | CVE-2022-29898 was published May 12, 2022

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF,...
Moderate | Unreviewed | CVE-2022-25946 was published May 6, 2022

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed...
High | Unreviewed | CVE-2022-22781 was published Apr 29, 2022

Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by...
High | Unreviewed | CVE-2020-14120 was published Apr 22, 2022

The DFX module has a vulnerability of improper validation of integrity check values. Successful...
High | Unreviewed | CVE-2022-22253 was published Apr 12, 2022

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the...
Moderate | Unreviewed | CVE-2021-4148 was published Mar 24, 2022

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP...
Moderate | Unreviewed | CVE-2021-3772 was published Mar 4, 2022

Improper Validation of Integrity Check Value in TensorFlow
High | GHSA-43q8-3fv7-pr5x was published for tensorflow (pip) Feb 9, 2022

Execution Control List (ECL) Is Insecure in Singularity
High | CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021

ProTip! Advisories are also available from the GraphQL API.