Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using... Moderate Unreviewed
CVE-2021-22947 was published May 24, 2022
PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed
CVE-2022-26579 was published Dec 17, 2022
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Moderate Unreviewed
CVE-2024-33494 was published May 14, 2024
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL... Moderate Unreviewed
CVE-2023-45586 was published May 14, 2024
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker... Moderate Unreviewed
CVE-2023-6323 was published May 15, 2024
Insufficient Verification of Data Authenticity vulnerability in Cozmoslabs Profile Builder allows... Moderate Unreviewed
CVE-2024-31341 was published May 17, 2024
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
An attacker with access to the private network (the charger is connected to) or local access to... Moderate Unreviewed
CVE-2024-5684 was published Jun 6, 2024
Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed
CVE-2023-51764 was published Dec 24, 2023
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote... Moderate Unreviewed
CVE-2023-51765 was published Dec 24, 2023
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
In regclient, pinned manifest digests may be ignored Moderate
GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a... Moderate Unreviewed
CVE-2023-35764 was published Apr 3, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... Moderate Unreviewed
CVE-2023-28865 was published Aug 8, 2024
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always... Moderate Unreviewed
CVE-2024-25584 was published Sep 6, 2024
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File Moderate Unreviewed
CVE-2024-38432 was published Jul 30, 2024
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
ASAR Integrity bypass via filetype confusion in electron Moderate
CVE-2023-44402 was published for electron (npm) Dec 1, 2023
MarshallOfSound
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-23922 was published Sep 23, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... Moderate Unreviewed
CVE-2023-6533 was published Feb 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database