Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

140 advisories

Loading
IBM Security Access Manager for Web processes patches, image backups and other updates without... Moderate Unreviewed
CVE-2016-3016 was published May 13, 2022
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify... Moderate Unreviewed
CVE-2014-0364 was published May 13, 2022
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges... Moderate Unreviewed
CVE-2021-26368 was published May 13, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
This vulnerability arises because the application allows the user to perform some sensitive... Moderate Unreviewed
CVE-2021-27759 was published May 7, 2022
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed
CVE-2022-0031 was published Nov 9, 2022
Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed
CVE-2022-37928 was published Dec 12, 2022
Lack of root file system integrity checking in Fortinet FortiOS VM application images all... Moderate Unreviewed
CVE-2019-5587 was published May 24, 2022
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted... Moderate Unreviewed
CVE-2020-23906 was published May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22460 was published May 24, 2022
The programmer installation utility does not perform a cryptographic authenticity or integrity... Moderate Unreviewed
CVE-2021-38396 was published May 24, 2022
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode... Moderate Unreviewed
CVE-2021-34572 was published May 24, 2022
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant... Moderate Unreviewed
CVE-2021-38597 was published May 24, 2022
A ZTE's product of the transport network access layer has a security vulnerability. Because the... Moderate Unreviewed
CVE-2021-21739 was published May 24, 2022
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability.... Moderate Unreviewed
CVE-2021-22419 was published May 24, 2022
Insufficient Data Verification in io.really:jwt-scala Moderate
CVE-2017-10862 was published for io.really:jwt-scala (Maven) May 17, 2022
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the... Moderate Unreviewed
CVE-2021-21588 was published May 24, 2022
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock... Moderate Unreviewed
CVE-2021-23998 was published May 24, 2022
Address bar search suggestions in private browsing mode were re-using session data from normal... Moderate Unreviewed
CVE-2021-29963 was published May 24, 2022
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0... Moderate Unreviewed
CVE-2021-32665 was published May 24, 2022
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios,... Moderate Unreviewed
CVE-2021-22339 was published May 24, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a... Moderate Unreviewed
CVE-2020-1755 was published Aug 17, 2022
There is an information disclosure vulnerability in several smartphones. The device does not... Moderate Unreviewed
CVE-2020-9109 was published May 24, 2022
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using... Moderate Unreviewed
CVE-2020-11985 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database