Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

33 advisories

Loading
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers,... Critical Unreviewed
CVE-2019-6318 was published May 13, 2022
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the... Critical Unreviewed
CVE-2017-3198 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10... Critical Unreviewed
CVE-2017-2423 was published May 13, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2.... Critical Unreviewed
CVE-2018-12356 was published May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet... Critical Unreviewed
CVE-2018-5923 was published May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine... Critical Unreviewed
CVE-2018-8955 was published May 14, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon... Critical Unreviewed
CVE-2017-18146 was published May 14, 2022
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow... Critical Unreviewed
CVE-2019-1010263 was published May 24, 2022
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass... Critical Unreviewed
CVE-2019-1010161 was published May 24, 2022
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass... Critical Unreviewed
CVE-2020-12676 was published May 24, 2022
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082... Critical Unreviewed
CVE-2020-27540 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in the Palo Alto... Critical Unreviewed
CVE-2021-3033 was published May 24, 2022
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and... Critical Unreviewed
CVE-2021-20487 was published May 24, 2022
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus... Critical Unreviewed
CVE-2021-37160 was published May 24, 2022
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)... Critical Unreviewed
CVE-2022-31206 was published Jul 27, 2022
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18... Critical Unreviewed
CVE-2022-31207 was published Jul 27, 2022
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature... Critical Unreviewed
CVE-2022-23334 was published Jan 30, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ... Critical Unreviewed
CVE-2023-25718 was published Feb 13, 2023
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler... Critical Unreviewed
CVE-2023-28801 was published Aug 31, 2023
An Improper Verification of Cryptographic Signature vulnerability in the update process of... Critical Unreviewed
CVE-2023-5347 was published Jan 9, 2024
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka... Critical Unreviewed
CVE-2023-44077 was published Jan 17, 2024
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a... Critical Unreviewed
CVE-2024-21917 was published Jan 31, 2024
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and... Critical Unreviewed
CVE-2018-25099 was published Mar 18, 2024
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful... Critical Unreviewed
CVE-2023-52538 was published Apr 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database