GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Prototype Pollution in upmerge
Moderate
GHSA-gm9g-2g8v-fvxj
was published
for
upmerge
(npm)
Jun 6, 2019
Forced Logout in keycloak-connect
Moderate
CVE-2019-10157
was published
for
keycloak-connect
(npm)
Jun 13, 2019
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
ReDoS in Sec-Websocket-Protocol header
Moderate
CVE-2021-32640
was published
for
ws
(npm)
May 28, 2021
Insufficient Verification of Data Authenticity in Pillow
Moderate
CVE-2021-28678
was published
for
Pillow
(pip)
Jun 8, 2021
Denial of Service in SheetJS Pro
Moderate
CVE-2021-32014
was published
for
org.webjars.npm:xlsx
(Maven)
Jul 22, 2021
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
File reference keys leads to incorrect hashes on HMAC algorithms
Moderate
CVE-2021-41106
was published
for
lcobucci/jwt
(Composer)
Sep 29, 2021
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7397
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Insufficient Verification of Data Authenticity in Async Http Client
Moderate
CVE-2013-7398
was published
for
com.ning:async-http-client
(Maven)
May 13, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
Insufficient Verification of Data Authenticity in Apache Tomcat
Moderate
CVE-2017-7674
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Moderate
CVE-2015-0259
was published
for
nova
(pip)
May 14, 2022
Insufficient Data Verification in io.really:jwt-scala
Moderate
CVE-2017-10862
was published
for
io.really:jwt-scala
(Maven)
May 17, 2022
Magento 2 Community Edition Insufficient Logging
Moderate
CVE-2019-8124
was published
for
magento/community-edition
(Composer)
May 24, 2022
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate
CVE-2022-39199
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Certifi removing TrustCor root certificate
Moderate
CVE-2022-23491
was published
for
certifi
(pip)
Dec 7, 2022
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Moderate
CVE-2023-32993
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
Kubernetes users may update Pod labels to bypass network policy
Moderate
CVE-2023-39347
was published
for
github.com/cilium/cilium
(Go)
Sep 26, 2023
Insufficient Verification of Data Authenticity in Apache InLong
Moderate
CVE-2023-43666
was published
for
org.apache.inlong:inlong
(Maven)
Oct 16, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API