GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
101 advisories
Filter by severity
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x...
Moderate
Unreviewed
CVE-2022-42010
was published
Oct 10, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35097
was published
Sep 3, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35113
was published
Sep 3, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle...
Moderate
Unreviewed
CVE-2021-40326
was published
Aug 29, 2022
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary...
Moderate
Unreviewed
CVE-2021-3521
was published
Aug 23, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347...
Moderate
Unreviewed
CVE-2022-2790
was published
Aug 20, 2022
This issue was addressed by verifying host keys when connecting to a previously-known SSH server....
Moderate
Unreviewed
CVE-2019-8901
was published
May 24, 2022
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless...
Moderate
Unreviewed
CVE-2021-0152
was published
May 24, 2022
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab...
Moderate
Unreviewed
CVE-2021-39909
was published
May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of...
Moderate
Unreviewed
CVE-2021-41831
was published
May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
Moderate
Unreviewed
CVE-2021-34709
was published
May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self...
Moderate
Unreviewed
CVE-2021-23992
was published
May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who...
Moderate
Unreviewed
CVE-2021-3421
was published
May 24, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who...
Moderate
Unreviewed
CVE-2021-21474
was published
May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when...
Moderate
Unreviewed
CVE-2021-1244
was published
May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when...
Moderate
Unreviewed
CVE-2021-1136
was published
May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the...
Moderate
Unreviewed
CVE-2018-18689
was published
May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the...
Moderate
Unreviewed
CVE-2018-18688
was published
May 24, 2022
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without...
Moderate
Unreviewed
CVE-2020-29438
was published
May 24, 2022
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed...
Moderate
Unreviewed
CVE-2020-8133
was published
May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC...
Moderate
Unreviewed
CVE-2020-11488
was published
May 24, 2022
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows...
Moderate
Unreviewed
CVE-2020-16922
was published
May 24, 2022
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an...
Moderate
Unreviewed
CVE-2019-1736
was published
May 24, 2022
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the...
Moderate
Unreviewed
CVE-2020-10759
was published
May 24, 2022
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i...
Moderate
Unreviewed
CVE-2020-13101
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API