GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during...
High
Unreviewed
CVE-2021-31913
was published
May 24, 2022
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi...
Moderate
Unreviewed
CVE-2020-26141
was published
May 24, 2022
Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could...
Moderate
Unreviewed
CVE-2020-14009
was published
May 24, 2022
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3...
High
Unreviewed
CVE-2021-20709
was published
May 24, 2022
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does...
Moderate
Unreviewed
CVE-2020-9118
was published
May 24, 2022
Moodle Grade information disclosure in grade's external fetch functions
Moderate
CVE-2021-20184
was published
for
moodle/moodle
(Composer)
May 24, 2022
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration...
High
Unreviewed
CVE-2020-25758
was published
May 24, 2022
Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions...
Moderate
Unreviewed
CVE-2020-5637
was published
May 24, 2022
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019...
High
Unreviewed
CVE-2020-28656
was published
May 24, 2022
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash....
High
Unreviewed
CVE-2020-25862
was published
May 24, 2022
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host...
Moderate
Unreviewed
CVE-2020-5964
was published
May 24, 2022
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows...
Moderate
Unreviewed
CVE-2020-8838
was published
May 24, 2022
There is an improper integrity checking vulnerability on some huawei products. The software of...
Low
Unreviewed
CVE-2020-1879
was published
May 24, 2022
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before...
High
Unreviewed
CVE-2019-18672
was published
May 24, 2022
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a...
High
Unreviewed
CVE-2019-13496
was published
May 24, 2022
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving...
High
Unreviewed
CVE-2019-11753
was published
May 24, 2022
A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka ...
Moderate
Unreviewed
CVE-2019-1163
was published
May 24, 2022
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange...
Low
Unreviewed
CVE-2019-10155
was published
May 24, 2022
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity...
Moderate
Unreviewed
CVE-2017-9498
was published
May 13, 2022
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3...
High
Unreviewed
CVE-2017-4961
was published
May 13, 2022
The Lenovo Service Framework Android application uses a set of nonsecure credentials when...
High
Unreviewed
CVE-2017-3760
was published
May 13, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for...
Critical
Unreviewed
CVE-2017-15994
was published
May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third...
High
Unreviewed
CVE-2018-6336
was published
May 13, 2022
Improper Validation of Integrity Check Value in Bouncy Castle
Moderate
CVE-2018-5382
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API