Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
A vulnerability allows attackers to download source code or an executable from a remote location... Critical Unreviewed
CVE-2023-41921 was published Jul 2, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... High Unreviewed
CVE-2024-30206 was published May 14, 2024
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the... High Unreviewed
CVE-2024-33118 was published May 6, 2024
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2023-39474 was published May 3, 2024
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes... Critical Unreviewed
CVE-2024-28878 was published Apr 12, 2024
WP Crontrol vulnerable to possible RCE when combined with a pre-condition High
CVE-2024-28850 was published for johnbillion/wp-crontrol (Composer) Mar 25, 2024
johnbillion calvinalkan
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files... Critical Unreviewed
CVE-2024-27438 was published Mar 21, 2024
An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows... High Unreviewed
CVE-2023-47353 was published Feb 6, 2024
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs... High Unreviewed
CVE-2023-46143 was published Dec 14, 2023
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX... High Unreviewed
CVE-2023-5592 was published Dec 14, 2023
A download of code without integrity check vulnerability in PLCnext products allows an remote... High Unreviewed
CVE-2023-46144 was published Dec 14, 2023
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a... Moderate Unreviewed
CVE-2023-5630 was published Dec 14, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of... High Unreviewed
CVE-2023-45840 was published Dec 5, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of... High Unreviewed
CVE-2023-45838 was published Dec 5, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of... High Unreviewed
CVE-2023-45839 was published Dec 5, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of... High Unreviewed
CVE-2023-45842 was published Dec 5, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of... High Unreviewed
CVE-2023-45841 was published Dec 5, 2023
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023... High Unreviewed
CVE-2023-43608 was published Dec 5, 2023
In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File... High Unreviewed
CVE-2023-46887 was published Nov 29, 2023
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow... High Unreviewed
CVE-2023-5984 was published Nov 15, 2023
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient... Critical Unreviewed
CVE-2023-45799 was published Oct 30, 2023
Artifact Hub has Incorrect Docker Hub registry check Moderate
CVE-2023-45821 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Synel Terminals - CWE-494: Download of Code Without Integrity Check Critical Unreviewed
CVE-2023-37220 was published Sep 3, 2023
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian... Critical Unreviewed
CVE-2023-40254 was published Aug 11, 2023
ProTip! Advisories are also available from the GraphQL API