GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

104 advisories

Filter by severity

Sort by

Least recently updated

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed

CVE-2021-21474 was published May 24, 2022

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java)... Moderate Unreviewed

CVE-2017-10669 was published May 17, 2022

A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed

CVE-2022-20944 was published Oct 11, 2022

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed

CVE-2022-47549 was published Dec 19, 2022

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer... Moderate Unreviewed

CVE-2020-12244 was published May 24, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347... Moderate Unreviewed

CVE-2022-2790 was published Aug 20, 2022

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot... Moderate Unreviewed

CVE-2020-15705 was published May 24, 2022

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an... Moderate Unreviewed

CVE-2019-1736 was published May 24, 2022

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed... Moderate Unreviewed

CVE-2020-8133 was published May 24, 2022

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC... Moderate Unreviewed

CVE-2020-11488 was published May 24, 2022

The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed

CVE-2018-18689 was published May 24, 2022

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without... Moderate Unreviewed

CVE-2020-29438 was published May 24, 2022

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed

CVE-2021-1244 was published May 24, 2022

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed

CVE-2021-1136 was published May 24, 2022

Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed

CVE-2021-35113 was published Sep 3, 2022

The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed

CVE-2018-18688 was published May 24, 2022

Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed

CVE-2021-35097 was published Sep 3, 2022

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who... Moderate Unreviewed

CVE-2021-3421 was published May 24, 2022

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed

CVE-2021-23992 was published May 24, 2022

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed

CVE-2021-34709 was published May 24, 2022

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed

CVE-2021-41831 was published May 24, 2022

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed

CVE-2021-39909 was published May 24, 2022

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless... Moderate Unreviewed

CVE-2021-0152 was published May 24, 2022

This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed

CVE-2019-8901 was published May 24, 2022

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle... Moderate Unreviewed

CVE-2021-40326 was published Aug 29, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

104 advisories