GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
351 advisories
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the...
Critical, Unreviewed. CVE-2022-36130 was published Sep 2, 2022

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during...
High, Unreviewed. CVE-2022-38625 was published Aug 30, 2022

Incorrect header handling in mod-wsgi
High. CVE-2022-2255 was published for mod-wsgi (pip) Aug 26, 2022

It was found that a specially crafted LUKS header could trick cryptsetup into disabling...
Moderate, Unreviewed. CVE-2021-4122 was published Aug 25, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353...
High, Unreviewed. CVE-2022-2793 was published Aug 20, 2022

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345...
Moderate, Unreviewed. CVE-2022-2789 was published Aug 20, 2022

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity....
High, Unreviewed. CVE-2022-30262 was published Aug 18, 2022

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem...
Critical, Unreviewed. CVE-2022-30264 was published Aug 17, 2022

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a...
Moderate, Unreviewed. CVE-2020-1755 was published Aug 17, 2022

The recovery module has a vulnerability of bypassing the verification of an update package before...
High, Unreviewed. CVE-2022-37008 was published Aug 11, 2022

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the...
Critical, Unreviewed. CVE-2022-29958 was published Jul 27, 2022

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom...
High, Unreviewed. CVE-2022-30269 was published Jul 27, 2022

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the...
High, Unreviewed. CVE-2022-30272 was published Jul 27, 2022

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause...
High, Unreviewed. CVE-2022-34763 was published Jul 14, 2022

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated...
Moderate, Unreviewed. CVE-2022-31598 was published Jul 13, 2022

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML...
High, Unreviewed. CVE-2015-5236 was published Jul 8, 2022

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the...
High, Unreviewed. CVE-2022-20829 was published Jun 25, 2022

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31801 was published Jun 22, 2022

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31800 was published Jun 22, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The...
High, Unreviewed. CVE-2022-32252 was published Jun 15, 2022

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical, Unreviewed. CVE-2022-31813 was published Jun 10, 2022

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity...
Moderate, Unreviewed. CVE-2022-28385 was published Jun 9, 2022

Lack of root file system integrity checking in Fortinet FortiOS VM application images all...
Moderate, Unreviewed. CVE-2019-5587 was published May 24, 2022

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently...
High, Unreviewed. CVE-2021-26315 was published May 24, 2022

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if...
Critical, Unreviewed. CVE-2021-43616 was published May 24, 2022