Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

131 advisories

Loading
CPAN 2.28 allows Signature Verification Bypass. High Unreviewed
CVE-2020-16156 was published Dec 14, 2021
A firmware update vulnerability exists in the "update" firmware checks functionality of... High Unreviewed
CVE-2022-21134 was published Jan 29, 2022
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. High Unreviewed
CVE-2020-16154 was published Feb 10, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-24115 was published Feb 11, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first... High Unreviewed
CVE-2015-3298 was published Mar 31, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,... High Unreviewed
CVE-2021-32977 was published Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... High Unreviewed
CVE-2021-30066 was published Apr 5, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun... High Unreviewed
CVE-2020-25166 was published Apr 15, 2022
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... High Unreviewed
CVE-2013-3900 was published May 3, 2022
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from... High Unreviewed
CVE-2018-3968 was published May 13, 2022
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal... High Unreviewed
CVE-2018-7340 was published May 13, 2022
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions),... High Unreviewed
CVE-2018-16557 was published May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and... High Unreviewed
CVE-2018-16151 was published May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and... High Unreviewed
CVE-2018-16152 was published May 13, 2022
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted... High Unreviewed
CVE-2018-7685 was published May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ... High Unreviewed
CVE-2018-6664 was published May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an... High Unreviewed
CVE-2018-15374 was published May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2... High Unreviewed
CVE-2017-11400 was published May 13, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed
CVE-2017-6445 was published May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the... High Unreviewed
CVE-2018-10988 was published May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows... High Unreviewed
CVE-2018-18653 was published May 13, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control... High Unreviewed
CVE-2018-12019 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature... High Unreviewed
CVE-2017-17848 was published May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block... High Unreviewed
CVE-2018-3756 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database