GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113 advisories
Filter by severity
Insecure Comparison in secure-compare
High
CVE-2015-9238
was published
for
secure-compare
(npm)
Jun 3, 2019
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2022-43621
was published
Mar 29, 2023
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
Moderate
Unreviewed
CVE-2022-4293
was published
Dec 5, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2022-27645
was published
Mar 29, 2023
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using...
Moderate
Unreviewed
CVE-2021-40562
was published
Jan 13, 2022
A limited authentication bypass vulnerability was discovered that could allow an attacker to...
High
Unreviewed
CVE-2022-22990
was published
Jan 14, 2022
Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An...
Moderate
Unreviewed
CVE-2022-34402
was published
Oct 11, 2022
Incorrect Comparison in sodiumoxide
Critical
CVE-2019-25002
was published
for
sodiumoxide
(Rust)
Aug 25, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack
High
CVE-2021-42836
was published
for
github.com/tidwall/gjson
(Go)
Oct 25, 2021
Inefficient Regular Expression Complexity in chalk/ansi-regex
High
CVE-2021-3807
was published
for
ansi-regex
(npm)
Sep 20, 2021
Dynamic Linq vulnerable to remote code execution
Critical
CVE-2023-32571
was published
for
System.Linq.Dynamic.Core
(NuGet)
Jun 22, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
Apache OpenMeetings insufficient authorization vulnerability
Moderate
CVE-2023-28936
was published
for
org.apache.openmeetings:openmeetings-db
(Maven)
Jul 6, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate
CVE-2023-44378
was published
for
github.com/consensys/gnark
(Go)
Oct 4, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-33225
was published
Jul 26, 2023
uri-template-lite Regular Expression Denial of Service
Moderate
CVE-2021-43309
was published
for
uri-template-lite
(npm)
Aug 25, 2022
Regular Expression Denial of Service in jsoneditor
Moderate
CVE-2021-3822
was published
for
jsoneditor
(npm)
Sep 29, 2021
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23845
was published
Sep 14, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23840
was published
Sep 14, 2023
ProTip!
Advisories are also available from the
GraphQL API