Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Ansible does not verify that the server hostname matches a domain name in certificates High
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Insufficient Verification of Data Authenticity in Eclipse Theia High
CVE-2019-17636 was published for @theia/mini-browser (npm) Apr 13, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault High
CVE-2020-16250 was published for github.com/hashicorp/vault (Go) Aug 2, 2021
Missing validation during checkpoint loading High
CVE-2021-41203 was published for tensorflow (pip) Nov 10, 2021
dnslib has DNS reply verification issue High
CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen
Nimbus JOSE+JWT missing overflow check High
CVE-2017-12972 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
Auth0 Passport-SharePoint does not validate JWT signature High
CVE-2019-13483 was published for passport-sharepoint (npm) May 24, 2022
Magento 2 Community Edition Security Bypass High
CVE-2019-8112 was published for magento/community-edition (Composer) May 24, 2022
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
Openstack Neutron has Insufficient Verification of IPv6 addresses High
CVE-2021-20267 was published for neutron (pip) May 24, 2022
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Payment information sent to PayPal not necessarily identical to created order High
CVE-2023-23941 was published for swag/paypal (Composer) Feb 3, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability High
CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
ProTip! Advisories are also available from the GraphQL API