GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,259
Composer 4,354
Erlang 31
GitHub Actions 22
Go 2,120
Maven 5,293
npm 3,779
NuGet 681
pip 3,460
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,857

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

104 advisories

Filter by severity

Sort by

Least recently updated

sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote... Moderate Unreviewed

CVE-2023-51765 was published Dec 24, 2023

Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions... Moderate Unreviewed

CVE-2023-51764 was published Dec 24, 2023

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode... Moderate Unreviewed

CVE-2023-51655 was published Dec 21, 2023

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version... Moderate Unreviewed

CVE-2023-42782 was published Oct 10, 2023

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between... Moderate Unreviewed

CVE-2023-5366 was published Oct 6, 2023

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,... Moderate Unreviewed

CVE-2023-3920 was published Sep 29, 2023

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity... Moderate Unreviewed

CVE-2023-35719 was published Sep 6, 2023

A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Moderate Unreviewed

CVE-2023-3749 was published Aug 3, 2023

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and... Moderate Unreviewed

CVE-2023-36858 was published Aug 2, 2023

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote... Moderate Unreviewed

CVE-2023-2314 was published Jul 29, 2023

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Moderate Unreviewed

CVE-2023-30562 was published Jul 13, 2023

The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing... Moderate Unreviewed

CVE-2022-4537 was published Jul 6, 2023

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up... Moderate Unreviewed

CVE-2023-2897 was published Jun 9, 2023

In modem, there is a possible missing verification of HashMME value in Security Mode Command.... Moderate Unreviewed

CVE-2022-44420 was published May 9, 2023

Akuvox E11 does not ensure that a file extension is associated with the file provided. This could... Moderate Unreviewed

CVE-2023-0350 was published Mar 13, 2023

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30... Moderate Unreviewed

CVE-2023-21441 was published Feb 9, 2023

Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a... Moderate Unreviewed

CVE-2021-26396 was published Jan 11, 2023

PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to... Moderate Unreviewed

CVE-2022-26579 was published Dec 17, 2022

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE... Moderate Unreviewed

CVE-2022-37928 was published Dec 12, 2022

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager... Moderate Unreviewed

CVE-2022-39909 was published Dec 8, 2022

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine... Moderate Unreviewed

CVE-2022-0031 was published Nov 9, 2022

It was found that a specially crafted LUKS header could trick cryptsetup into disabling... Moderate Unreviewed

CVE-2021-4122 was published Aug 25, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345... Moderate Unreviewed

CVE-2022-2789 was published Aug 20, 2022

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a... Moderate Unreviewed

CVE-2020-1755 was published Aug 17, 2022

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated... Moderate Unreviewed

CVE-2022-31598 was published Jul 13, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

104 advisories