GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
285 advisories
Filter by severity
A firmware update vulnerability exists in the "update" firmware checks functionality of...
High
Unreviewed
CVE-2022-21134
was published
Jan 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,...
High
Unreviewed
CVE-2021-32977
was published
Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
High
Unreviewed
CVE-2021-30066
was published
Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first...
High
Unreviewed
CVE-2015-3298
was published
Mar 31, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun...
High
Unreviewed
CVE-2020-25166
was published
Apr 15, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who...
Moderate
Unreviewed
CVE-2021-21474
was published
May 24, 2022
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus...
Critical
Unreviewed
CVE-2021-37160
was published
May 24, 2022
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure...
High
Unreviewed
CVE-2021-1366
was published
May 24, 2022
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of...
High
Unreviewed
CVE-2020-23533
was published
May 24, 2022
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java)...
Moderate
Unreviewed
CVE-2017-10669
was published
May 17, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux...
High
Unreviewed
CVE-2014-9934
was published
May 17, 2022
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)...
Critical
Unreviewed
CVE-2022-31206
was published
Jul 27, 2022
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18...
Critical
Unreviewed
CVE-2022-31207
was published
Jul 27, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for...
Moderate
Unreviewed
CVE-2022-20944
was published
Oct 11, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High
Unreviewed
CVE-2022-38178
was published
Sep 22, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High
Unreviewed
CVE-2022-38177
was published
Sep 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted...
Moderate
Unreviewed
CVE-2022-47549
was published
Dec 19, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the...
High
Unreviewed
CVE-2019-16732
was published
May 24, 2022
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer...
Moderate
Unreviewed
CVE-2020-12244
was published
May 24, 2022
A vulnerability exists that could allow the execution of unauthorized code or operating system...
High
Unreviewed
CVE-2020-9047
was published
May 24, 2022
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the...
High
Unreviewed
CVE-2020-10126
was published
May 24, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347...
Moderate
Unreviewed
CVE-2022-2790
was published
Aug 20, 2022
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot...
Moderate
Unreviewed
CVE-2020-15705
was published
May 24, 2022
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass...
Critical
Unreviewed
CVE-2020-12676
was published
May 24, 2022
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an...
Moderate
Unreviewed
CVE-2019-1736
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API