Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
Wizkunde SAMLBase SAML Bypass High
CVE-2018-5387 was published for gogentooss/samlbase (Composer) May 13, 2022
Insufficient consistency checks in signature handling in the networking stack in Google Chrome... Moderate Unreviewed
CVE-2017-5066 was published May 13, 2022
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function... Moderate Unreviewed
CVE-2018-10470 was published May 13, 2022
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from... High Unreviewed
CVE-2018-3968 was published May 13, 2022
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand... Moderate Unreviewed
CVE-2022-26510 was published May 13, 2022
Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client High
GHSA-xh97-72ww-2w58 was published for com.google.oauth-client:google-oauth-client (Maven) May 4, 2022 withdrawn
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID,... Moderate Unreviewed
CVE-2005-2182 was published May 1, 2022
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag... Moderate Unreviewed
CVE-2005-2181 was published May 1, 2022
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not... Moderate Unreviewed
CVE-2002-1796 was published Apr 30, 2022
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal... Moderate Unreviewed
CVE-2002-1706 was published Apr 30, 2022
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu... Moderate Unreviewed
CVE-2012-2092 was published Apr 23, 2022
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the... Moderate Unreviewed
CVE-2011-3374 was published Apr 22, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun... High Unreviewed
CVE-2020-25166 was published Apr 15, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... High Unreviewed
CVE-2021-30066 was published Apr 5, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,... High Unreviewed
CVE-2021-32977 was published Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first... High Unreviewed
CVE-2015-3298 was published Mar 31, 2022
Firebase PHP-JWT key/algorithm type confusion Critical
CVE-2021-46743 was published for firebase/php-jwt (Composer) Mar 30, 2022
llupa
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Improper Verification of Cryptographic Signature in `node-forge` Moderate
CVE-2022-24773 was published for node-forge (npm) Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24772 was published for node-forge (npm) Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24771 was published for node-forge (npm) Mar 18, 2022
Failure to validate signature during handshake High
CVE-2022-24759 was published for @chainsafe/libp2p-noise (npm) Mar 18, 2022
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse... Moderate Unreviewed
CVE-2021-43393 was published Mar 5, 2022
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain... Moderate Unreviewed
CVE-2021-43392 was published Mar 5, 2022
Missing server signature validation in OctoberCMS Moderate
CVE-2022-23655 was published for october/system (Composer) Feb 24, 2022
ProTip! Advisories are also available from the GraphQL API