Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

347 advisories

Loading
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on... High Unreviewed
CVE-2023-5450 was published Oct 10, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between... Moderate Unreviewed
CVE-2023-5366 was published Oct 6, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,... Moderate Unreviewed
CVE-2023-3920 was published Sep 29, 2023
Kubernetes users may update Pod labels to bypass network policy Moderate
CVE-2023-39347 was published for github.com/cilium/cilium (Go) Sep 26, 2023
odinuge nebril
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the... High Unreviewed
CVE-2023-43636 was published Sep 20, 2023
sidekiq Denial of Service vulnerability Moderate
CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023
wwahammy kflavin
martingregoire
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,... High Unreviewed
CVE-2023-20236 was published Sep 13, 2023
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10... High Unreviewed
CVE-2023-4589 was published Sep 6, 2023
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity... Moderate Unreviewed
CVE-2023-35719 was published Sep 6, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper... High Unreviewed
CVE-2023-35906 was published Sep 5, 2023
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to... High Unreviewed
CVE-2023-38831 was published Aug 23, 2023
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of... High Unreviewed
CVE-2023-22955 was published Aug 11, 2023
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5... High Unreviewed
CVE-2023-36541 was published Aug 8, 2023
A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This... Low Unreviewed
CVE-2023-4177 was published Aug 6, 2023
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36134 was published Aug 4, 2023
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36139 was published Aug 4, 2023
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed
CVE-2023-3749 was published Aug 3, 2023
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity... High Unreviewed
CVE-2023-3663 was published Aug 3, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and... Moderate Unreviewed
CVE-2023-36858 was published Aug 2, 2023
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote... Moderate Unreviewed
CVE-2023-2314 was published Jul 29, 2023
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Moderate Unreviewed
CVE-2023-30562 was published Jul 13, 2023
Controller may be loaded with malicious firmware which could enable remote code execution Critical Unreviewed
CVE-2023-25178 was published Jul 13, 2023
Pipelines do not validate child UIDs Low
CVE-2023-37264 was published for github.com/tektoncd/pipeline (Go) Jul 7, 2023
wlynch
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database