GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
329 advisories
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful...
High • Unreviewed • CVE-2023-44117 was published Jan 16, 2024

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and...
Critical • Unreviewed • CVE-2023-51350 was published Jan 12, 2024

Multiple Cisco products are affected by a vulnerability in Snort access control policies that...
Moderate • Unreviewed • CVE-2023-20246 was published Nov 1, 2023

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ...
Moderate • Unreviewed • CVE-2023-20245 was published Nov 1, 2023

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ...
Moderate • Unreviewed • CVE-2023-20256 was published Nov 1, 2023

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local...
Moderate • Unreviewed • CVE-2023-6044 was published Jan 19, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability
High • Unreviewed • CVE-2021-42308 was published May 24, 2022

Microsoft Edge for iOS Spoofing Vulnerability
High • Unreviewed • CVE-2021-43220 was published Nov 25, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.
Low • Unreviewed • CVE-2021-42320 was published Feb 11, 2022

Windows Hello Security Feature Bypass Vulnerability
Moderate • Unreviewed • CVE-2021-34466 was published May 24, 2022

Header spoofing in caddy-geo-ip
Moderate • CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023

A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server...
High • Unreviewed • CVE-2022-26505 was published Mar 7, 2022

An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a...
High • Unreviewed • CVE-2023-6263 was published Nov 22, 2023

Authentication bypass vulnerability, the exploitation of which could allow a local attacker to...
High • Unreviewed • CVE-2023-3103 was published Nov 22, 2023

Vulnerability of identity verification being bypassed in the face unlock module. Successful...
Critical • Unreviewed • CVE-2023-5801 was published Nov 8, 2023

Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low • CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023

omniauth-apple allows attacker to fake their email address during authentication
High • CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical • Unreviewed • CVE-2023-4178 was published Sep 5, 2023

A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka ...
Moderate • Unreviewed • CVE-2019-1357 was published May 24, 2022

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka...
Moderate • Unreviewed • CVE-2019-0608 was published May 24, 2022

Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate • Unreviewed • CVE-2023-21794 was published Feb 14, 2023

Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High • CVE-2018-7160 was published for node-inspector (npm) May 13, 2022 • withdrawn

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it....
High • Unreviewed • CVE-2022-32744 was published Aug 26, 2022

Electron vulnerable to URL spoofing via PDFium
Moderate • CVE-2017-1000424 was published for Electron (npm) May 13, 2022

Implementation trusts the "me" field returned by the authorization server without verifying it
Critical • GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020

ProTip! Advisories are also available from the GraphQL API.