GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,130
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
88 advisories
Filter by severity
An attacker with access to the private network (the charger is connected to) or local access to...
Moderate
Unreviewed
CVE-2024-5684
was published
Jun 6, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows...
Moderate
Unreviewed
CVE-2024-31341
was published
May 17, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for...
Moderate
Unreviewed
CVE-2024-27244
was published
May 15, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker...
Moderate
Unreviewed
CVE-2023-6323
was published
May 15, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL...
Moderate
Unreviewed
CVE-2023-45586
was published
May 14, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Moderate
Unreviewed
CVE-2024-33494
was published
May 14, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the...
Moderate
Unreviewed
CVE-2023-6533
was published
Feb 21, 2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Moderate
Unreviewed
CVE-2023-32329
was published
Feb 3, 2024
Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a...
Moderate
Unreviewed
CVE-2023-51766
was published
Dec 24, 2023
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote...
Moderate
Unreviewed
CVE-2023-51765
was published
Dec 24, 2023
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions...
Moderate
Unreviewed
CVE-2023-51764
was published
Dec 24, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate
Unreviewed
CVE-2023-51655
was published
Dec 21, 2023
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version...
Moderate
Unreviewed
CVE-2023-42782
was published
Oct 10, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between...
Moderate
Unreviewed
CVE-2023-5366
was published
Oct 6, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,...
Moderate
Unreviewed
CVE-2023-3920
was published
Sep 29, 2023
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity...
Moderate
Unreviewed
CVE-2023-35719
was published
Sep 6, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
Moderate
Unreviewed
CVE-2023-3749
was published
Aug 3, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and...
Moderate
Unreviewed
CVE-2023-36858
was published
Aug 2, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote...
Moderate
Unreviewed
CVE-2023-2314
was published
Jul 29, 2023
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
Moderate
Unreviewed
CVE-2023-30562
was published
Jul 13, 2023
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing...
Moderate
Unreviewed
CVE-2022-4537
was published
Jul 6, 2023
The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up...
Moderate
Unreviewed
CVE-2023-2897
was published
Jun 9, 2023
In modem, there is a possible missing verification of HashMME value in Security Mode Command....
Moderate
Unreviewed
CVE-2022-44420
was published
May 9, 2023
Akuvox E11 does not ensure that a file extension is associated with the file provided. This could...
Moderate
Unreviewed
CVE-2023-0350
was published
Mar 13, 2023
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30...
Moderate
Unreviewed
CVE-2023-21441
was published
Feb 9, 2023
ProTip!
Advisories are also available from the
GraphQL API