GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,562
Composer 4,198
Erlang 31
GitHub Actions 19
Go 1,986
Maven 5,163
npm 3,702
NuGet 660
pip 3,328
Pub 11
RubyGems 883
Rust 843
Swift 36

Unreviewed advisories

All unreviewed 233,892

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

130 advisories

Filter by severity

Sort by

Least recently updated

A firmware update vulnerability exists in the "update" firmware checks functionality of... High Unreviewed

CVE-2022-21134 was published Jan 29, 2022

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,... High Unreviewed

CVE-2021-32977 was published Apr 5, 2022

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... High Unreviewed

CVE-2021-30066 was published Apr 5, 2022

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first... High Unreviewed

CVE-2015-3298 was published Mar 31, 2022

An improper verification of the cryptographic signature of firmware updates of the B. Braun... High Unreviewed

CVE-2020-25166 was published Apr 15, 2022

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure... High Unreviewed

CVE-2021-1366 was published May 24, 2022

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of... High Unreviewed

CVE-2020-23533 was published May 24, 2022

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux... High Unreviewed

CVE-2014-9934 was published May 17, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed

CVE-2022-38178 was published Sep 22, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed

CVE-2022-38177 was published Sep 22, 2022

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the... High Unreviewed

CVE-2019-16732 was published May 24, 2022

A vulnerability exists that could allow the execution of unauthorized code or operating system... High Unreviewed

CVE-2020-9047 was published May 24, 2022

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the... High Unreviewed

CVE-2020-10126 was published May 24, 2022

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened... High Unreviewed

CVE-2020-26540 was published May 24, 2022

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017... High Unreviewed

CVE-2020-24429 was published May 24, 2022

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via... High Unreviewed

CVE-2020-26122 was published May 24, 2022

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires... High Unreviewed

CVE-2020-28045 was published May 24, 2022

Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without... High Unreviewed

CVE-2020-23967 was published May 24, 2022

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the... High Unreviewed

CVE-2021-1453 was published May 24, 2022

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of... High Unreviewed

CVE-2020-36284 was published May 24, 2022

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco... High Unreviewed

CVE-2021-1375 was published May 24, 2022

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of... High Unreviewed

CVE-2020-36285 was published May 24, 2022

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any... High Unreviewed

CVE-2021-33054 was published May 24, 2022

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This... High Unreviewed

CVE-2021-3445 was published May 24, 2022

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)... High Unreviewed

CVE-2021-22734 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

130 advisories