Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2 High
GHSA-7fpw-cfc4-3p2c was published for passport-wsfed-saml2 (npm) Dec 28, 2017 withdrawn
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token High
CVE-2017-16897 was published for passport-wsfed-saml2 (npm) Jun 21, 2023
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password Moderate
CVE-2022-2368 was published for microweber/microweber (Composer) Jul 12, 2022
Due to a bug in the handling of the communication between the client and server, it was possible... Moderate Unreviewed
CVE-2022-35629 was published Jul 30, 2022
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide... Moderate Unreviewed
CVE-2020-12272 was published May 24, 2022
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault High
CVE-2020-16250 was published for github.com/hashicorp/vault (Go) Aug 2, 2021
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it.... High Unreviewed
CVE-2022-32744 was published Aug 26, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding High
CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 withdrawn
Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate Unreviewed
CVE-2023-21794 was published Feb 14, 2023
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka ... Moderate Unreviewed
CVE-2019-1357 was published May 24, 2022
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka... Moderate Unreviewed
CVE-2019-0608 was published May 24, 2022
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows... Critical Unreviewed
CVE-2023-4178 was published Sep 5, 2023
omniauth-apple allows attacker to fake their email address during authentication High
CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020
davidtaylorhq
Grafana vulnerable to Authentication Bypass by Spoofing Critical
CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
Vulnerability of identity verification being bypassed in the face unlock module. Successful... Critical Unreviewed
CVE-2023-5801 was published Nov 8, 2023
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to... High Unreviewed
CVE-2023-3103 was published Nov 22, 2023
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a... High Unreviewed
CVE-2023-6263 was published Nov 22, 2023
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server... High Unreviewed
CVE-2022-26505 was published Mar 7, 2022
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
Windows Hello Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-34466 was published May 24, 2022
Windows LSA Spoofing Vulnerability. High Unreviewed
CVE-2022-26925 was published May 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database