GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,545
Composer 4,693
Erlang 34
GitHub Actions 28
Go 2,283
Maven 5,567
npm 3,934
NuGet 708
pip 3,702
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 255,905

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

118 advisories

Filter by severity

Sort by

Least recently updated

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed

CVE-2021-41831 was published May 24, 2022

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed

CVE-2021-34709 was published May 24, 2022

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed

CVE-2021-23992 was published May 24, 2022

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who... Moderate Unreviewed

CVE-2021-3421 was published May 24, 2022

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed

CVE-2021-21474 was published May 24, 2022

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed

CVE-2021-1136 was published May 24, 2022

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed

CVE-2021-1244 was published May 24, 2022

The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed

CVE-2018-18688 was published May 24, 2022

The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed

CVE-2018-18689 was published May 24, 2022

Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without... Moderate Unreviewed

CVE-2020-29438 was published May 24, 2022

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed... Moderate Unreviewed

CVE-2020-8133 was published May 24, 2022

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC... Moderate Unreviewed

CVE-2020-11488 was published May 24, 2022

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows... Moderate Unreviewed

CVE-2020-16922 was published May 24, 2022

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an... Moderate Unreviewed

CVE-2019-1736 was published May 24, 2022

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the... Moderate Unreviewed

CVE-2020-10759 was published May 24, 2022

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i... Moderate Unreviewed

CVE-2020-13101 was published May 24, 2022

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot... Moderate Unreviewed

CVE-2020-15705 was published May 24, 2022

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer... Moderate Unreviewed

CVE-2020-12244 was published May 24, 2022

A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense ... Moderate Unreviewed

CVE-2020-3308 was published May 24, 2022

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of... Moderate Unreviewed

CVE-2019-3738 was published May 24, 2022

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the... Moderate Unreviewed

CVE-2019-5592 was published May 24, 2022

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement... Moderate Unreviewed

CVE-2017-18407 was published May 24, 2022

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client... Moderate Unreviewed

CVE-2019-9149 was published May 24, 2022

It was found that Spacewalk, all versions through 2.8, did not safely compute client token... Moderate Unreviewed

CVE-2019-10136 was published May 24, 2022

There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160,... Moderate Unreviewed

CVE-2019-5300 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

118 advisories