GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow...
Moderate
Unreviewed
CVE-2019-1615
was published
May 13, 2022
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted...
High
Unreviewed
CVE-2018-7685
was published
May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ...
High
Unreviewed
CVE-2018-6664
was published
May 13, 2022
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC...
Low
Unreviewed
CVE-2018-1842
was published
May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2018-15374
was published
May 13, 2022
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the...
Critical
Unreviewed
CVE-2017-3198
was published
May 13, 2022
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up...
Moderate
Unreviewed
CVE-2017-15090
was published
May 13, 2022
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an...
Moderate
Unreviewed
CVE-2016-9604
was published
May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2...
High
Unreviewed
CVE-2017-11400
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10...
Critical
Unreviewed
CVE-2017-2423
was published
May 13, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and...
High
Unreviewed
CVE-2017-6445
was published
May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the...
High
Unreviewed
CVE-2018-10988
was published
May 13, 2022
Missing certificate validation in Apache JMeter
Critical
CVE-2018-1287
was published
for
org.apache.jmeter:ApacheJMeter
(Maven)
May 13, 2022
Matrix Synapse Improper Signature Validation
High
CVE-2018-16515
was published
for
matrix-synapse
(pip)
May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows...
High
Unreviewed
CVE-2018-18653
was published
May 13, 2022
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High...
Moderate
Unreviewed
CVE-2018-5383
was published
May 13, 2022
SimpleSAMLphp Improper Verification of Cryptographic Signature
High
CVE-2018-7644
was published
for
simplesamlphp/saml2
(Composer)
May 13, 2022
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary...
Moderate
Unreviewed
CVE-2018-15587
was published
May 14, 2022
Python RSA allows attackers to spoof signatures
Moderate
CVE-2016-1494
was published
for
rsa
(pip)
May 14, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical
CVE-2018-1000076
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages...
Moderate
Unreviewed
CVE-2018-15586
was published
May 14, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control...
High
Unreviewed
CVE-2018-12019
was published
May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical
Unreviewed
CVE-2018-12356
was published
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature...
High
Unreviewed
CVE-2017-17848
was published
May 14, 2022
SimpleSAMLphp Signature validation bypass
High
CVE-2017-18122
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API