GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,984
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on...
Moderate
Unreviewed
CVE-2023-41970
was published
May 2, 2024
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on...
Low
Unreviewed
CVE-2024-23462
was published
May 2, 2024
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on...
Moderate
Unreviewed
CVE-2024-23461
was published
May 2, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
Improper Input Validation vulnerability in the upload functionality for user avatars allows...
Low
Unreviewed
CVE-2024-23790
was published
Jan 29, 2024
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to...
Moderate
Unreviewed
CVE-2023-42143
was published
Jan 23, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers...
High
Unreviewed
CVE-2023-36650
was published
Dec 12, 2023
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an...
Moderate
Unreviewed
CVE-2023-28802
was published
Nov 21, 2023
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through...
Moderate
Unreviewed
CVE-2023-28002
was published
Nov 14, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream...
High
Unreviewed
CVE-2022-24404
was published
Oct 19, 2023
All firmware versions of the NPort 5000 Series are affected by an improper validation of...
High
Unreviewed
CVE-2023-4929
was published
Oct 3, 2023
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could...
Moderate
Unreviewed
CVE-2023-20233
was published
Sep 13, 2023
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial...
High
Unreviewed
CVE-2023-38802
was published
Aug 29, 2023
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access...
Critical
Unreviewed
CVE-2023-33668
was published
Jul 12, 2023
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3...
Moderate
Unreviewed
CVE-2023-30673
was published
Jul 6, 2023
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate
CVE-2023-34459
was published
for
@openzeppelin/contracts
(npm)
Jun 19, 2023
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then...
Moderate
Unreviewed
CVE-2023-31438
was published
Jun 13, 2023
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a...
Moderate
Unreviewed
CVE-2023-31439
was published
Jun 13, 2023
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in...
Moderate
Unreviewed
CVE-2023-31437
was published
Jun 13, 2023
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private...
Moderate
Unreviewed
CVE-2023-33981
was published
May 24, 2023
Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00...
High
Unreviewed
CVE-2023-30356
was published
May 10, 2023
ProTip!
Advisories are also available from the
GraphQL API