Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000+
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a... Moderate Unreviewed
CVE-2023-31439 was published Jun 13, 2023
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then... Moderate Unreviewed
CVE-2023-31438 was published Jun 13, 2023
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers... High Unreviewed
CVE-2023-36650 was published Dec 12, 2023
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an... Moderate Unreviewed
CVE-2023-28802 was published Nov 21, 2023
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial... High Unreviewed
CVE-2023-38802 was published Aug 29, 2023
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through... Moderate Unreviewed
CVE-2023-28002 was published Nov 14, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees Moderate
CVE-2023-34459 was published for @openzeppelin/contracts (npm) Jun 19, 2023
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a... High Unreviewed
CVE-2022-45142 was published Mar 7, 2023
tlslite-ng off-by-one error on mac checking Moderate
CVE-2018-1000159 was published for tlslite-ng (pip) Jul 12, 2018
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic.... Moderate Unreviewed
CVE-2016-15028 was published Mar 12, 2023
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update... Moderate Unreviewed
CVE-2023-23119 was published Feb 2, 2023
Improper Validation of Integrity Check Value in go-tuf High
CVE-2022-29173 was published for github.com/theupdateframework/go-tuf (Go) May 24, 2022
rdimitrov
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can... Moderate Unreviewed
CVE-2022-45191 was published Feb 8, 2023
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update... Moderate Unreviewed
CVE-2023-23120 was published Feb 2, 2023
There is an improper integrity checking vulnerability on some huawei products. The software of... Low Unreviewed
CVE-2020-1879 was published May 24, 2022
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP... Moderate Unreviewed
CVE-2021-3772 was published Mar 4, 2022
FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux... High Unreviewed
CVE-2022-36174 was published Sep 13, 2022
OpenZeppelin Contracts vulnerable to ECDSA signature malleability High
CVE-2022-35961 was published for @openzeppelin/contracts (npm) Aug 18, 2022
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full... High Unreviewed
CVE-2022-29549 was published Aug 19, 2022
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity... Moderate Unreviewed
CVE-2017-9498 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3... High Unreviewed
CVE-2017-4961 was published May 13, 2022
The Lenovo Service Framework Android application uses a set of nonsecure credentials when... High Unreviewed
CVE-2017-3760 was published May 13, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for... Critical Unreviewed
CVE-2017-15994 was published May 13, 2022
An issue was discovered in Listary through 6. Improper implementation of the update process leads... High Unreviewed
CVE-2021-41067 was published Dec 15, 2021
Incomplete validation of shapes in multiple TF ops High
CVE-2021-41206 was published for tensorflow (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API