GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000+
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a...
Moderate
Unreviewed
CVE-2023-31439
was published
Jun 13, 2023
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then...
Moderate
Unreviewed
CVE-2023-31438
was published
Jun 13, 2023
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers...
High
Unreviewed
CVE-2023-36650
was published
Dec 12, 2023
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an...
Moderate
Unreviewed
CVE-2023-28802
was published
Nov 21, 2023
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial...
High
Unreviewed
CVE-2023-38802
was published
Aug 29, 2023
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through...
Moderate
Unreviewed
CVE-2023-28002
was published
Nov 14, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate
CVE-2023-34459
was published
for
@openzeppelin/contracts
(npm)
Jun 19, 2023
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a...
High
Unreviewed
CVE-2022-45142
was published
Mar 7, 2023
tlslite-ng off-by-one error on mac checking
Moderate
CVE-2018-1000159
was published
for
tlslite-ng
(pip)
Jul 12, 2018
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic....
Moderate
Unreviewed
CVE-2016-15028
was published
Mar 12, 2023
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update...
Moderate
Unreviewed
CVE-2023-23119
was published
Feb 2, 2023
Improper Validation of Integrity Check Value in go-tuf
High
CVE-2022-29173
was published
for
github.com/theupdateframework/go-tuf
(Go)
May 24, 2022
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can...
Moderate
Unreviewed
CVE-2022-45191
was published
Feb 8, 2023
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update...
Moderate
Unreviewed
CVE-2023-23120
was published
Feb 2, 2023
There is an improper integrity checking vulnerability on some huawei products. The software of...
Low
Unreviewed
CVE-2020-1879
was published
May 24, 2022
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP...
Moderate
Unreviewed
CVE-2021-3772
was published
Mar 4, 2022
FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux...
High
Unreviewed
CVE-2022-36174
was published
Sep 13, 2022
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
High
CVE-2022-35961
was published
for
@openzeppelin/contracts
(npm)
Aug 18, 2022
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full...
High
Unreviewed
CVE-2022-29549
was published
Aug 19, 2022
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity...
Moderate
Unreviewed
CVE-2017-9498
was published
May 13, 2022
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3...
High
Unreviewed
CVE-2017-4961
was published
May 13, 2022
The Lenovo Service Framework Android application uses a set of nonsecure credentials when...
High
Unreviewed
CVE-2017-3760
was published
May 13, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for...
Critical
Unreviewed
CVE-2017-15994
was published
May 13, 2022
An issue was discovered in Listary through 6. Improper implementation of the update process leads...
High
Unreviewed
CVE-2021-41067
was published
Dec 15, 2021
Incomplete validation of shapes in multiple TF ops
High
CVE-2021-41206
was published
for
tensorflow
(pip)
Nov 10, 2021
ProTip!
Advisories are also available from the
GraphQL API