Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,866
Maven
5,000+
npm
3,588
NuGet
636
pip
3,178
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows... High Unreviewed
CVE-2023-31211 was published Jan 12, 2024
there is a possible way to bypass due to a logic error in the code. This could lead to local... High Unreviewed
CVE-2024-32896 was published Jun 13, 2024
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a... Moderate Unreviewed
CVE-2024-33431 was published May 1, 2024
Contract balance not updating correctly after interchain transaction High
CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vvaradinov EvmosDAO
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the... Unknown Unreviewed
CVE-2024-5659 was published Jun 14, 2024
Keycloak's improper input validation allows using email as username Low
GHSA-4vc8-pg5c-vg4x was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024
Requests `Session` object does not verify requests after making first request with verify=False Moderate
CVE-2024-35195 was published for requests (pip) May 20, 2024
mikeassel sigmavirus24
nateprewitt
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud) Moderate
GHSA-6xch-2vxx-5pvr was published for ezsystems/ezplatform (Composer) May 15, 2024
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before... Moderate Unreviewed
CVE-2023-28711 was published Aug 11, 2023
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the... Moderate Unreviewed
CVE-2022-29609 was published Apr 20, 2023
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source... High Unreviewed
CVE-2022-29607 was published Apr 20, 2023
An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of... High Unreviewed
CVE-2022-29605 was published Apr 20, 2023
Memory corruption in modem due to improper input validation while handling the incoming CoAP message Critical Unreviewed
CVE-2022-25745 was published Apr 13, 2023
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non... Moderate Unreviewed
CVE-2020-5753 was published May 24, 2022
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency,... Moderate Unreviewed
CVE-2021-43979 was published May 24, 2022
A malicious insider exploiting this vulnerability can circumvent existing security controls put... Moderate Unreviewed
CVE-2024-0313 was published Mar 14, 2024
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security... Moderate Unreviewed
CVE-2021-3011 was published May 24, 2022
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log Moderate
CVE-2023-39152 was published for org.jenkins-ci.plugins:gradle (Maven) Jul 26, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha Moderate
CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) Dec 12, 2023
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4 Moderate
CVE-2023-49798 was published for @openzeppelin/contracts (npm) Dec 12, 2023
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will... High Unreviewed
CVE-2023-1668 was published Apr 11, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled High
CVE-2023-23623 was published for electron (npm) Sep 6, 2023
andreasdj
Vyper: reversed order of side effects for some operations Moderate
CVE-2023-40015 was published for vyper (pip) Sep 4, 2023
trocher
Incorrect success value returned in vyper High
CVE-2023-30629 was published for vyper (pip) Apr 24, 2023
algys pavelvm5
Vyper's nonpayable default functions are sometimes payable Low
CVE-2023-32675 was published for vyper (pip) May 22, 2023
trocher
ProTip! Advisories are also available from the GraphQL API