GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113 advisories
Filter by severity
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2023-23762
was published
Jul 6, 2023
Apache OpenMeetings insufficient authorization vulnerability
Moderate
CVE-2023-28936
was published
for
org.apache.openmeetings:openmeetings-db
(Maven)
Jul 6, 2023
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at...
Moderate
Unreviewed
CVE-2023-26590
was published
Jul 10, 2023
A floating point exception vulnerability was found in sox, in the read_samples function at sox...
Moderate
Unreviewed
CVE-2023-32627
was published
Jul 10, 2023
Experion server may experience a DoS due to a stack overflow when handling a specially crafted...
High
Unreviewed
CVE-2023-22435
was published
Jul 13, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-33225
was published
Jul 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23843
was published
Jul 26, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23844
was published
Jul 26, 2023
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed...
High
Unreviewed
CVE-2023-23764
was published
Jul 27, 2023
Apache NiFi Insufficient Property Validation vulnerability
Moderate
CVE-2023-40037
was published
for
org.apache.nifi:nifi-dbcp-base
(Maven)
Aug 19, 2023
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2023-23765
was published
Aug 31, 2023
Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin
High
CVE-2023-41935
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
Sep 6, 2023
Jenkins Google Login Plugin non-constant time token comparison
High
CVE-2023-41936
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Sep 6, 2023
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator...
High
Unreviewed
CVE-2023-40271
was published
Sep 8, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23845
was published
Sep 14, 2023
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This...
High
Unreviewed
CVE-2023-23840
was published
Sep 14, 2023
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate
Unreviewed
CVE-2023-23766
was published
Sep 22, 2023
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable...
Moderate
Unreviewed
CVE-2015-6964
was published
Sep 25, 2023
gnark unsoundness in variable comparison / non-unique binary decomposition
Moderate
CVE-2023-44378
was published
for
github.com/consensys/gnark
(Go)
Oct 4, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical
CVE-2023-45133
was published
for
@babel/traverse
(npm)
Oct 16, 2023
gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream...
High
Unreviewed
CVE-2023-46009
was published
Oct 18, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API