GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
387 advisories
A vulnerability exists in the Relion update package signature validation. A tampered update...
Moderate | Unreviewed | CVE-2022-3864 was published Jan 4, 2024

Some Honor products are affected by signature management vulnerability, successful exploitation...
High | Unreviewed | CVE-2023-23436 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
High | Unreviewed | CVE-2023-23432 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate | Unreviewed | CVE-2023-23433 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
High | Unreviewed | CVE-2023-23431 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate | Unreviewed | CVE-2023-23435 was published Dec 29, 2023

yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate | CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated...
Moderate | Unreviewed | CVE-2023-49646 was published Dec 14, 2023

Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an...
Moderate | Unreviewed | CVE-2023-20567 was published Nov 14, 2023

Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an...
Moderate | Unreviewed | CVE-2023-20568 was published Nov 14, 2023

Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
Moderate | CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High | Unreviewed | CVE-2023-5747 was published Nov 13, 2023

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...
High | Unreviewed | CVE-2023-34058 was published Oct 27, 2023

browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High | CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023

light-oauth2 missing public key verification
Moderate | CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
Moderate | Unreviewed | CVE-2023-28804 was published Oct 23, 2023

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
High | Unreviewed | CVE-2023-28796 was published Oct 23, 2023

free5GC udm vulnerable to Invalid Curve Attack
High | CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023

The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an...
High | Unreviewed | CVE-2022-25333 was published Oct 19, 2023

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating...
High | Unreviewed | CVE-2023-43611 was published Oct 10, 2023

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate | CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile...
High | Unreviewed | CVE-2023-40727 was published Sep 14, 2023

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated,...
High | Unreviewed | CVE-2023-20135 was published Sep 13, 2023

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High | Unreviewed | CVE-2023-20236 was published Sep 13, 2023

Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High | Unreviewed | CVE-2023-41744 was published Aug 31, 2023