Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,130
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+

121 advisories

Loading
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote... Moderate Unreviewed
CVE-2023-51765 was published Dec 24, 2023
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed
CVE-2023-51764 was published Dec 24, 2023
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed
CVE-2022-26579 was published Dec 17, 2022
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using... Moderate Unreviewed
CVE-2021-22947 was published May 24, 2022
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version... Moderate Unreviewed
CVE-2023-42782 was published Oct 10, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,... Moderate Unreviewed
CVE-2023-3920 was published Sep 29, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed
CVE-2023-3749 was published Aug 3, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and... Moderate Unreviewed
CVE-2023-36858 was published Aug 2, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote... Moderate Unreviewed
CVE-2023-2314 was published Jul 29, 2023
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing... Moderate Unreviewed
CVE-2022-4537 was published Jul 6, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up... Moderate Unreviewed
CVE-2023-2897 was published Jun 9, 2023
In modem, there is a possible missing verification of HashMME value in Security Mode Command.... Moderate Unreviewed
CVE-2022-44420 was published May 9, 2023
com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and... Moderate Unreviewed
CVE-2019-20057 was published May 24, 2022
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why... Moderate Unreviewed
CVE-2019-15162 was published May 24, 2022
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any... Moderate Unreviewed
CVE-2019-11737 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API