Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

170 advisories

Loading
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed
CVE-2021-39909 was published May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed
CVE-2021-41831 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed
CVE-2021-34709 was published May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed
CVE-2021-23992 was published May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who... Moderate Unreviewed
CVE-2021-3421 was published May 24, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed
CVE-2021-21474 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1136 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1244 was published May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18689 was published May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18688 was published May 24, 2022
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without... Moderate Unreviewed
CVE-2020-29438 was published May 24, 2022
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed... Moderate Unreviewed
CVE-2020-8133 was published May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC... Moderate Unreviewed
CVE-2020-11488 was published May 24, 2022
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows... Moderate Unreviewed
CVE-2020-16922 was published May 24, 2022
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an... Moderate Unreviewed
CVE-2019-1736 was published May 24, 2022
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the... Moderate Unreviewed
CVE-2020-10759 was published May 24, 2022
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i... Moderate Unreviewed
CVE-2020-13101 was published May 24, 2022
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot... Moderate Unreviewed
CVE-2020-15705 was published May 24, 2022
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer... Moderate Unreviewed
CVE-2020-12244 was published May 24, 2022
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense ... Moderate Unreviewed
CVE-2020-3308 was published May 24, 2022
python-apt Does Not Check Hash Signature Moderate
CVE-2019-15796 was published for python-apt (pip) May 24, 2022
Missing SSH host key validation in Mac Plugin Moderate
CVE-2020-2146 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of... Moderate Unreviewed
CVE-2019-3738 was published May 24, 2022
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the... Moderate Unreviewed
CVE-2019-5592 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database