GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Moderate
CVE-2024-12369
was published
for
org.wildfly:wildfly-elytron-oidc-client-subsystem
(Maven)
Dec 9, 2024
sigstore-java has vulnerability with bundle verification
Moderate
CVE-2024-53267
was published
for
dev.sigstore:sigstore-java
(Maven)
Nov 26, 2024
Certifi removes GLOBALTRUST root certificate
Low
CVE-2024-39689
was published
for
certifi
(pip)
Jul 5, 2024
OpenStack Neutron can use an incorrect ID during policy enforcement
Moderate
CVE-2024-53916
was published
for
neutron
(pip)
Nov 25, 2024
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Moderate
CVE-2024-53259
was published
for
github.com/quic-go/quic-go
(Go)
Dec 2, 2024
vantage6-server node accepts non-whitelisted algorithms from malicious server
High
CVE-2023-47631
was published
for
vantage6-node
(pip)
Nov 14, 2023
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Missing validation during checkpoint loading
High
CVE-2021-41203
was published
for
tensorflow
(pip)
Nov 10, 2021
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
Insufficient Verification of Data Authenticity in python-keystoneclient
Critical
CVE-2013-2167
was published
for
python-keystoneclient
(pip)
Mar 10, 2020
Insufficient Verification of Data Authenticity in Pillow
Moderate
CVE-2021-28678
was published
for
Pillow
(pip)
Jun 8, 2021
Gradio lacks integrity checking on the downloaded FRP client
High
CVE-2024-47867
was published
for
gradio
(pip)
Oct 10, 2024
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Openstack Neutron has Insufficient Verification of IPv6 addresses
High
CVE-2021-20267
was published
for
neutron
(pip)
May 24, 2022
Incorrect header handling in mod-wsgi
High
CVE-2022-2255
was published
for
mod-wsgi
(pip)
Aug 26, 2022
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
dnslib has DNS reply verification issue
High
CVE-2022-22846
was published
for
dnslib
(pip)
Jan 12, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
High
CVE-2024-30250
was published
for
@kindspells/astro-shield
(npm)
Apr 1, 2024
Ansible does not verify that the server hostname matches a domain name in certificates
High
CVE-2015-3908
was published
for
ansible
(pip)
Oct 10, 2018
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
High
CVE-2023-6236
was published
for
org.wildfly.security:wildfly-elytron-http-oidc
(Maven)
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API