GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
134 advisories
Filter by severity
CPAN 2.28 allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16156
was published
Dec 14, 2021
A firmware update vulnerability exists in the "update" firmware checks functionality of...
High
Unreviewed
CVE-2022-21134
was published
Jan 29, 2022
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16154
was published
Feb 10, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High
Unreviewed
CVE-2022-24115
was published
Feb 11, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first...
High
Unreviewed
CVE-2015-3298
was published
Mar 31, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,...
High
Unreviewed
CVE-2021-32977
was published
Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
High
Unreviewed
CVE-2021-30066
was published
Apr 5, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun...
High
Unreviewed
CVE-2020-25166
was published
Apr 15, 2022
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...
High
Unreviewed
CVE-2013-3900
was published
May 3, 2022
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from...
High
Unreviewed
CVE-2018-3968
was published
May 13, 2022
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal...
High
Unreviewed
CVE-2018-7340
was published
May 13, 2022
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions),...
High
Unreviewed
CVE-2018-16557
was published
May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and...
High
Unreviewed
CVE-2018-16152
was published
May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and...
High
Unreviewed
CVE-2018-16151
was published
May 13, 2022
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted...
High
Unreviewed
CVE-2018-7685
was published
May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ...
High
Unreviewed
CVE-2018-6664
was published
May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2018-15374
was published
May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2...
High
Unreviewed
CVE-2017-11400
was published
May 13, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and...
High
Unreviewed
CVE-2017-6445
was published
May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the...
High
Unreviewed
CVE-2018-10988
was published
May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows...
High
Unreviewed
CVE-2018-18653
was published
May 13, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control...
High
Unreviewed
CVE-2018-12019
was published
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature...
High
Unreviewed
CVE-2017-17848
was published
May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA...
High
Unreviewed
CVE-2018-15836
was published
May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block...
High
Unreviewed
CVE-2018-3756
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API