Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset... Critical Unreviewed
CVE-2024-24621 was published Jul 26, 2024
ServiceNow has addressed an input validation vulnerability that was identified in the Washington... Critical Unreviewed
CVE-2024-5217 was published Jul 10, 2024
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code Critical
CVE-2023-45133 was published for @babel/traverse (npm) Oct 16, 2023
SteakEnthusiast ashdude1401
nicolo-ribaudo Apetree100122 ebickle
Dynamic Linq vulnerable to remote code execution Critical
CVE-2023-32571 was published for System.Linq.Dynamic.Core (NuGet) Jun 22, 2023
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows... Critical Unreviewed
CVE-2022-47034 was published Feb 14, 2023
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic.... Critical Unreviewed
CVE-2014-125057 was published Jan 7, 2023
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a... Critical Unreviewed
CVE-2021-27786 was published Jun 10, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because... Critical Unreviewed
CVE-2020-23359 was published May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where... Critical Unreviewed
CVE-2020-23360 was published May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for... Critical Unreviewed
CVE-2020-23361 was published May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header Critical
CVE-2020-13485 was published for verbb/knock-knock (Composer) May 24, 2022
Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL Critical Unreviewed
CVE-2020-25696 was published Feb 15, 2022
Incorrect Comparison in sodiumoxide Critical
CVE-2019-25002 was published for sodiumoxide (Rust) Aug 25, 2021
ruuda
False-positive validity for NFT1 genesis transactions Critical
CVE-2020-15131 was published for slp-validate (npm) Jul 30, 2020
False-positive validity for NFT1 genesis transactions in SLPJS Critical
CVE-2020-15130 was published for slpjs (npm) Jul 30, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11072 was published for slp-validate (npm) May 12, 2020
False-negative validation results in MINT transactions with invalid baton Critical
CVE-2020-11071 was published for slpjs (npm) May 12, 2020
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
ProTip! Advisories are also available from the GraphQL API