Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Vela Server Has Insufficient Webhook Payload Data Verification High
CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025
Removal of e-Tugra root certificate High
CVE-2023-37920 was published for certifi (pip) Jul 25, 2023
crimsonknave
CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts High
GHSA-r3r4-g7hq-pq4f was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature
Gradio lacks integrity checking on the downloaded FRP client High
CVE-2024-47867 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
vantage6-server node accepts non-whitelisted algorithms from malicious server High
CVE-2023-47631 was published for vantage6-node (pip) Nov 14, 2023
Missing validation during checkpoint loading High
CVE-2021-41203 was published for tensorflow (pip) Nov 10, 2021
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
Openstack Neutron has Insufficient Verification of IPv6 addresses High
CVE-2021-20267 was published for neutron (pip) May 24, 2022
Incorrect header handling in mod-wsgi High
CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022
dnslib has DNS reply verification issue High
CVE-2022-22846 was published for dnslib (pip) Jan 12, 2022
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists High
CVE-2024-30250 was published for @kindspells/astro-shield (npm) Apr 1, 2024
castarco
Ansible does not verify that the server hostname matches a domain name in certificates High
CVE-2015-3908 was published for ansible (pip) Oct 10, 2018
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum schanzen
milux levpachmanov
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log High
CVE-2023-6236 was published for org.wildfly.security:wildfly-elytron-http-oidc (Maven) Apr 10, 2024
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen
Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
Spring Security vulnerable to Authorization Bypass High
CVE-2018-15801 was published for org.springframework.security:spring-security-core (Maven) Dec 20, 2018
MarkLee131 sunSUNQ
Magento 2 Community Edition Security Bypass High
CVE-2019-8112 was published for magento/community-edition (Composer) May 24, 2022
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs High
CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Validation of SignedInfo High
CVE-2023-49087 was published for simplesamlphp/saml2 (Composer) Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database