Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-node (pip) Nov 14, 2023
Invalid root may become trusted root in The Update Framework (TUF) Moderate
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Missing validation during checkpoint loading High
CVE-2021-41203 was published for tensorflow (pip) Nov 10, 2021
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
Insufficient Verification of Data Authenticity in python-keystoneclient Critical
CVE-2013-2167 was published for python-keystoneclient (pip) Mar 10, 2020
Insufficient Verification of Data Authenticity in Pillow Moderate
CVE-2021-28678 was published for Pillow (pip) Jun 8, 2021
Gradio lacks integrity checking on the downloaded FRP client High
CVE-2024-47867 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Openstack Neutron has Insufficient Verification of IPv6 addresses High
CVE-2021-20267 was published for neutron (pip) May 24, 2022
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
ASAR Integrity bypass via filetype confusion in electron Moderate
CVE-2023-44402 was published for electron (npm) Dec 1, 2023
MarshallOfSound
dnslib has DNS reply verification issue High
CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists High
CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
castarco
Ansible does not verify that the server hostname matches a domain name in certificates High
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum schanzen
milux levpachmanov
In regclient, pinned manifest digests may be ignored Moderate
GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) Aug 5, 2024
Certifi removes GLOBALTRUST root certificate Low
CVE-2024-39689 was published for certifi (pip) Jul 5, 2024
Kwpolska
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
vvoland rumpl
gabriellavengeo
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database