GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
121 advisories
Filter by severity
Kubernetes users may update Pod labels to bypass network policy
Moderate
CVE-2023-39347
was published
for
github.com/cilium/cilium
(Go)
Sep 26, 2023
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate
Unreviewed
CVE-2023-35719
was published
Sep 6, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
Moderate
Unreviewed
CVE-2023-3749
was published
Aug 3, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and...
Moderate
Unreviewed
CVE-2023-36858
was published
Aug 2, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote...
Moderate
Unreviewed
CVE-2023-2314
was published
Jul 29, 2023
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
Moderate
Unreviewed
CVE-2023-30562
was published
Jul 13, 2023
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing...
Moderate
Unreviewed
CVE-2022-4537
was published
Jul 6, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up...
Moderate
Unreviewed
CVE-2023-2897
was published
Jun 9, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
In modem, there is a possible missing verification of HashMME value in Security Mode Command....
Moderate
Unreviewed
CVE-2022-44420
was published
May 9, 2023
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could...
Moderate
Unreviewed
CVE-2023-0350
was published
Mar 13, 2023
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30...
Moderate
Unreviewed
CVE-2023-21441
was published
Feb 9, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a...
Moderate
Unreviewed
CVE-2021-26396
was published
Jan 11, 2023
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to...
Moderate
Unreviewed
CVE-2022-26579
was published
Dec 17, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE...
Moderate
Unreviewed
CVE-2022-37928
was published
Dec 12, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager...
Moderate
Unreviewed
CVE-2022-39909
was published
Dec 8, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate
CVE-2022-39199
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine...
Moderate
Unreviewed
CVE-2022-0031
was published
Nov 9, 2022
It was found that a specially crafted LUKS header could trick cryptsetup into disabling...
Moderate
Unreviewed
CVE-2021-4122
was published
Aug 25, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345...
Moderate
Unreviewed
CVE-2022-2789
was published
Aug 20, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a...
Moderate
Unreviewed
CVE-2020-1755
was published
Aug 17, 2022
ProTip!
Advisories are also available from the
GraphQL API