Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,954
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,504
NuGet
607
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

87 advisories

github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2024-23461 was published May 2, 2024
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on... Low Unreviewed
CVE-2024-23462 was published May 2, 2024
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-41970 was published May 2, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
All firmware versions of the NPort 5000 Series are affected by an improper validation of... High Unreviewed
CVE-2023-4929 was published Oct 3, 2023
Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00... High Unreviewed
CVE-2023-30356 was published May 10, 2023
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream... High Unreviewed
CVE-2022-24404 was published Oct 19, 2023
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access... Critical Unreviewed
CVE-2023-33668 was published Jul 12, 2023
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3... Moderate Unreviewed
CVE-2023-30673 was published Jul 6, 2023
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private... Moderate Unreviewed
CVE-2023-33981 was published May 24, 2023
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before... High Unreviewed
CVE-2019-18672 was published May 24, 2022
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a... High Unreviewed
CVE-2019-13496 was published May 24, 2022
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving... High Unreviewed
CVE-2019-11753 was published May 24, 2022
A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka ... Moderate Unreviewed
CVE-2019-1163 was published May 24, 2022
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange... Low Unreviewed
CVE-2019-10155 was published May 24, 2022
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in... Moderate Unreviewed
CVE-2023-31437 was published Jun 13, 2023
When curl is instructed to download content using the metalink feature, thecontents is verified... High Unreviewed
CVE-2021-22922 was published May 24, 2022
Improper Input Validation vulnerability in the upload functionality for user avatars allows... Low Unreviewed
CVE-2024-23790 was published Jan 29, 2024
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could... Moderate Unreviewed
CVE-2023-20233 was published Sep 13, 2023
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to... Moderate Unreviewed
CVE-2023-42143 was published Jan 23, 2024
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
AsyncSSH Rogue Extension Negotiation Moderate
CVE-2023-46445 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
ProTip! Advisories are also available from the GraphQL API