Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted... High Unreviewed
CVE-2018-7685 was published May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ... High Unreviewed
CVE-2018-6664 was published May 13, 2022
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC... Low Unreviewed
CVE-2018-1842 was published May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an... High Unreviewed
CVE-2018-15374 was published May 13, 2022
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the... Critical Unreviewed
CVE-2017-3198 was published May 13, 2022
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up... Moderate Unreviewed
CVE-2017-15090 was published May 13, 2022
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an... Moderate Unreviewed
CVE-2016-9604 was published May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2... High Unreviewed
CVE-2017-11400 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10... Critical Unreviewed
CVE-2017-2423 was published May 13, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed
CVE-2017-6445 was published May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the... High Unreviewed
CVE-2018-10988 was published May 13, 2022
Missing certificate validation in Apache JMeter Critical
CVE-2018-1287 was published for org.apache.jmeter:ApacheJMeter (Maven) May 13, 2022
Matrix Synapse Improper Signature Validation High
CVE-2018-16515 was published for matrix-synapse (pip) May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows... High Unreviewed
CVE-2018-18653 was published May 13, 2022
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High... Moderate Unreviewed
CVE-2018-5383 was published May 13, 2022
SimpleSAMLphp Improper Verification of Cryptographic Signature High
CVE-2018-7644 was published for simplesamlphp/saml2 (Composer) May 13, 2022
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary... Moderate Unreviewed
CVE-2018-15587 was published May 14, 2022
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control... High Unreviewed
CVE-2018-12019 was published May 14, 2022
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages... Moderate Unreviewed
CVE-2018-15586 was published May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2.... Critical Unreviewed
CVE-2018-12356 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature... High Unreviewed
CVE-2017-17848 was published May 14, 2022
SimpleSAMLphp Signature validation bypass High
CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet... Critical Unreviewed
CVE-2018-5923 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database