GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
19 advisories
Timing attack on HMAC signature comparison in Apache Tapestry
Critical · CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) · Sep 26, 2019
False-negative validation results in MINT transactions with invalid baton
Critical · CVE-2020-11071 was published for slpjs (npm) · May 12, 2020
False-negative validation results in MINT transactions with invalid baton
Critical · CVE-2020-11072 was published for slp-validate (npm) · May 12, 2020
False-positive validity for NFT1 genesis transactions in SLPJS
Critical · CVE-2020-15130 was published for slpjs (npm) · Jul 30, 2020
False-positive validity for NFT1 genesis transactions
Critical · CVE-2020-15131 was published for slp-validate (npm) · Jul 30, 2020
Incorrect Comparison in sodiumoxide
Critical · CVE-2019-25002 was published for sodiumoxide (Rust) · Aug 25, 2021
Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL
Critical · Unreviewed · CVE-2020-25696 was published · Feb 15, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical · CVE-2020-13485 was published for verbb/knock-knock (Composer) · May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where...
Critical · Unreviewed · CVE-2020-23360 was published · May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for...
Critical · Unreviewed · CVE-2020-23361 was published · May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because...
Critical · Unreviewed · CVE-2020-23359 was published · May 24, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
Critical · Unreviewed · CVE-2021-3833 was published · May 24, 2022
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a...
Critical · Unreviewed · CVE-2021-27786 was published · Jun 10, 2022
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic....
Critical · Unreviewed · CVE-2014-125057 was published · Jan 7, 2023
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows...
Critical · Unreviewed · CVE-2022-47034 was published · Feb 14, 2023
Dynamic Linq vulnerable to remote code execution
Critical · CVE-2023-32571 was published for System.Linq.Dynamic.Core (NuGet) · Jun 22, 2023
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Critical · CVE-2023-45133 was published for @babel/traverse (npm) · Oct 16, 2023
ServiceNow has addressed an input validation vulnerability that was identified in the Washington...
Critical · Unreviewed · CVE-2024-5217 was published · Jul 10, 2024
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset...
Critical · Unreviewed · CVE-2024-24621 was published · Jul 26, 2024