GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,878
Composer 4,266
Erlang 31
GitHub Actions 21
Go 2,035
Maven 5,219
npm 3,732
NuGet 662
pip 3,413
Pub 12
RubyGems 891
Rust 865
Swift 36

Unreviewed advisories

All unreviewed 237,817

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

277 advisories

Filter by severity

Sort by

Least recently updated

A firmware update vulnerability exists in the "update" firmware checks functionality of... High Unreviewed

CVE-2022-21134 was published Jan 29, 2022

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,... High Unreviewed

CVE-2021-32977 was published Apr 5, 2022

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... High Unreviewed

CVE-2021-30066 was published Apr 5, 2022

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first... High Unreviewed

CVE-2015-3298 was published Mar 31, 2022

An improper verification of the cryptographic signature of firmware updates of the B. Braun... High Unreviewed

CVE-2020-25166 was published Apr 15, 2022

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed

CVE-2021-21474 was published May 24, 2022

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus... Critical Unreviewed

CVE-2021-37160 was published May 24, 2022

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure... High Unreviewed

CVE-2021-1366 was published May 24, 2022

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of... High Unreviewed

CVE-2020-23533 was published May 24, 2022

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java)... Moderate Unreviewed

CVE-2017-10669 was published May 17, 2022

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux... High Unreviewed

CVE-2014-9934 was published May 17, 2022

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)... Critical Unreviewed

CVE-2022-31206 was published Jul 27, 2022

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18... Critical Unreviewed

CVE-2022-31207 was published Jul 27, 2022

A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed

CVE-2022-20944 was published Oct 11, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed

CVE-2022-38178 was published Sep 22, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed

CVE-2022-38177 was published Sep 22, 2022

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed

CVE-2022-47549 was published Dec 19, 2022

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the... High Unreviewed

CVE-2019-16732 was published May 24, 2022

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer... Moderate Unreviewed

CVE-2020-12244 was published May 24, 2022

A vulnerability exists that could allow the execution of unauthorized code or operating system... High Unreviewed

CVE-2020-9047 was published May 24, 2022

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the... High Unreviewed

CVE-2020-10126 was published May 24, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347... Moderate Unreviewed

CVE-2022-2790 was published Aug 20, 2022

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot... Moderate Unreviewed

CVE-2020-15705 was published May 24, 2022

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass... Critical Unreviewed

CVE-2020-12676 was published May 24, 2022

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an... Moderate Unreviewed

CVE-2019-1736 was published May 24, 2022

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

277 advisories