GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
136 advisories
Filter by severity
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Forced Logout in keycloak-connect
Moderate
CVE-2019-10157
was published
for
keycloak-connect
(npm)
Jun 13, 2019
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
ReDoS in Sec-Websocket-Protocol header
Moderate
CVE-2021-32640
was published
for
ws
(npm)
May 28, 2021
Insufficient Verification of Data Authenticity in Pillow
Moderate
CVE-2021-28678
was published
for
Pillow
(pip)
Jun 8, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32014
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the...
Moderate
Unreviewed
CVE-2019-8921
was published
Nov 30, 2021
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate...
Moderate
Unreviewed
CVE-2020-10137
was published
Jan 11, 2022
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient...
Moderate
Unreviewed
CVE-2022-22567
was published
Feb 10, 2022
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to...
Moderate
Unreviewed
CVE-2021-24825
was published
Mar 8, 2022
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to...
Moderate
Unreviewed
CVE-2020-14122
was published
Apr 22, 2022
This vulnerability arises because the application allows the user to perform some sensitive...
Moderate
Unreviewed
CVE-2021-27759
was published
May 7, 2022
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges...
Moderate
Unreviewed
CVE-2021-26368
was published
May 13, 2022
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify...
Moderate
Unreviewed
CVE-2014-0364
was published
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
IBM Security Access Manager for Web processes patches, image backups and other updates without...
Moderate
Unreviewed
CVE-2016-3016
was published
May 13, 2022
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
Moderate
Unreviewed
CVE-2018-17938
was published
May 13, 2022
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient...
Moderate
Unreviewed
CVE-2018-10626
was published
May 13, 2022
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other...
Moderate
Unreviewed
CVE-2017-1405
was published
May 13, 2022
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software...
Moderate
Unreviewed
CVE-2017-12740
was published
May 13, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API