Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the... High Unreviewed
CVE-2017-20180 was published Mar 6, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network ... High Unreviewed
CVE-2023-22315 was published Jan 31, 2023
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware... High Unreviewed
CVE-2022-30260 was published Dec 26, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to... High Unreviewed
CVE-2022-31877 was published Nov 28, 2022
Remote code execution vulnerability due to insufficient verification of URLs, etc. in... High Unreviewed
CVE-2022-41156 was published Nov 25, 2022
An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient,... High Unreviewed
CVE-2022-26122 was published Nov 2, 2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3).... High Unreviewed
CVE-2022-36360 was published Oct 11, 2022
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during... High Unreviewed
CVE-2022-38625 was published Aug 30, 2022
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353... High Unreviewed
CVE-2022-2793 was published Aug 20, 2022
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity.... High Unreviewed
CVE-2022-30262 was published Aug 18, 2022
The recovery module has a vulnerability of bypassing the verification of an update package before... High Unreviewed
CVE-2022-37008 was published Aug 11, 2022
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom... High Unreviewed
CVE-2022-30269 was published Jul 27, 2022
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the... High Unreviewed
CVE-2022-30272 was published Jul 27, 2022
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause... High Unreviewed
CVE-2022-34763 was published Jul 14, 2022
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML... High Unreviewed
CVE-2015-5236 was published Jul 8, 2022
A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the... High Unreviewed
CVE-2022-20829 was published Jun 25, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The... High Unreviewed
CVE-2022-32252 was published Jun 15, 2022
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently... High Unreviewed
CVE-2021-26315 was published May 24, 2022
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or... High Unreviewed
CVE-2021-26610 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database