GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
142 advisories
A firmware update vulnerability exists in the "update" firmware checks functionality of...
High, Unreviewed: CVE-2022-21134 was published Jan 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 do not verify, or incorrectly verify,...
High, Unreviewed: CVE-2021-32977 was published Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
High, Unreviewed: CVE-2021-30066 was published Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first...
High, Unreviewed: CVE-2015-3298 was published Mar 31, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun...
High, Unreviewed: CVE-2020-25166 was published Apr 15, 2022
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of...
High, Unreviewed: CVE-2020-23533 was published May 24, 2022
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure...
High, Unreviewed: CVE-2021-1366 was published May 24, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux...
High, Unreviewed: CVE-2014-9934 was published May 17, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High, Unreviewed: CVE-2022-38178 was published Sep 22, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High, Unreviewed: CVE-2022-38177 was published Sep 22, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the...
High, Unreviewed: CVE-2019-16732 was published May 24, 2022
A vulnerability exists that could allow the execution of unauthorized code or operating system...
High, Unreviewed: CVE-2020-9047 was published May 24, 2022
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the...
High, Unreviewed: CVE-2020-10126 was published May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened...
High, Unreviewed: CVE-2020-26540 was published May 24, 2022
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017...
High, Unreviewed: CVE-2020-24429 was published May 24, 2022
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via...
High, Unreviewed: CVE-2020-26122 was published May 24, 2022
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires...
High, Unreviewed: CVE-2020-28045 was published May 24, 2022
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without...
High, Unreviewed: CVE-2020-23967 was published May 24, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for the...
High, Unreviewed: CVE-2021-1453 was published May 24, 2022
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of...
High, Unreviewed: CVE-2020-36284 was published May 24, 2022
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco...
High, Unreviewed: CVE-2021-1375 was published May 24, 2022
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of...
High, Unreviewed: CVE-2020-36285 was published May 24, 2022
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any...
High, Unreviewed: CVE-2021-33054 was published May 24, 2022
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This...
High, Unreviewed: CVE-2021-3445 was published May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High, Unreviewed: CVE-2021-22734 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.