GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier)...
Low
Unreviewed
CVE-2020-24439
was published
May 24, 2022
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC...
Low
Unreviewed
CVE-2018-1842
was published
May 13, 2022
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Low
Unreviewed
CVE-2024-21383
was published
Jan 26, 2024
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows...
Low
Unreviewed
CVE-2020-1464
was published
May 24, 2022
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low
CVE-2024-45384
was published
for
org.apache.druid.extensions:druid-pac4j
(Maven)
Sep 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16...
Low
Unreviewed
CVE-2023-2030
was published
Jan 12, 2024
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Low
CVE-2024-51744
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Nov 4, 2024
Incorrect signature verification in django-ses
Low
CVE-2023-33185
was published
for
django-ses
(pip)
May 22, 2023
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
ProTip!
Advisories are also available from the
GraphQL API