GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
342 advisories
Filter by severity
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions...
Moderate
Unreviewed
CVE-2023-51764
was published
Dec 24, 2023
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode...
Moderate
Unreviewed
CVE-2023-51655
was published
Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
Validation of SignedInfo
High
CVE-2023-49087
was published
for
simplesamlphp/saml2
(Composer)
Nov 28, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
vantage6-server node accepts non-whitelisted algorithms from malicious server
High
CVE-2023-47631
was published
for
vantage6-server
(pip)
Nov 14, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High
Unreviewed
CVE-2023-5747
was published
Nov 13, 2023
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate
CVE-2023-5548
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation...
Critical
Unreviewed
CVE-2023-4699
was published
Nov 6, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote...
High
Unreviewed
CVE-2023-5482
was published
Nov 1, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High
CVE-2023-43800
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
When the Node.js policy feature checks the integrity of a resource against a trusted manifest,...
High
Unreviewed
CVE-2023-38552
was published
Oct 18, 2023
Insufficient Verification of Data Authenticity in Apache InLong
Moderate
CVE-2023-43666
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version...
Moderate
Unreviewed
CVE-2023-42782
was published
Oct 10, 2023
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on...
High
Unreviewed
CVE-2023-5450
was published
Oct 10, 2023
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between...
Moderate
Unreviewed
CVE-2023-5366
was published
Oct 6, 2023
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,...
Moderate
Unreviewed
CVE-2023-3920
was published
Sep 29, 2023
Kubernetes users may update Pod labels to bypass network policy
Moderate
CVE-2023-39347
was published
for
github.com/cilium/cilium
(Go)
Sep 26, 2023
Composer allows cache poisoning from other projects built on the same host
High
CVE-2015-8371
was published
for
composer/composer
(Composer)
Sep 21, 2023
ProTip!
Advisories are also available from the
GraphQL API