Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation Moderate
CVE-2023-32993 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Mail spoofing Moderate Unreviewed
CVE-2024-55929 was published Jan 23, 2025
aiosmtpd vulnerable to SMTP smuggling Moderate
CVE-2024-27305 was published for aiosmtpd (pip) Mar 13, 2024
The-Login
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
bottarocarlo
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-54111 was published Dec 12, 2024
WildFly Elytron OpenID Connect Client Extension authorization code injection attack Moderate
CVE-2024-12369 was published for org.wildfly:wildfly-elytron-oidc-client-subsystem (Maven) Dec 9, 2024
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux Moderate
CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) Dec 2, 2024
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing... Moderate Unreviewed
CVE-2024-52548 was published Dec 3, 2024
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a... Moderate Unreviewed
CVE-2022-33861 was published Nov 25, 2024
Invalid root may become trusted root in The Update Framework (TUF) Moderate
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data... Moderate Unreviewed
CVE-2024-47254 was published Nov 5, 2024
Insufficient Verification of Data Authenticity in Pillow Moderate
CVE-2021-28678 was published for Pillow (pip) Jun 8, 2021
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional... Moderate Unreviewed
CVE-2024-47123 was published Sep 26, 2024
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8,... Moderate Unreviewed
CVE-2023-3920 was published Sep 29, 2023
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the... Moderate Unreviewed
CVE-2023-6533 was published Feb 21, 2024
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4533 was published Sep 19, 2024
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This... Moderate Unreviewed
CVE-2024-23922 was published Sep 23, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in... Moderate Unreviewed
CVE-2022-4539 was published Aug 31, 2024
ASAR Integrity bypass via filetype confusion in electron Moderate
CVE-2023-44402 was published for electron (npm) Dec 1, 2023
MarshallOfSound
Certifi removing TrustCor root certificate Moderate
CVE-2022-23491 was published for certifi (pip) Dec 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database