GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
93 advisories
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Severity: Moderate. CVE-2023-34459 was published for @openzeppelin/contracts (npm) on Jun 19, 2023.

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then...
Severity: Moderate (Unreviewed). CVE-2023-31438 was published on Jun 13, 2023.

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a...
Severity: Moderate (Unreviewed). CVE-2023-31439 was published on Jun 13, 2023.

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in...
Severity: Moderate (Unreviewed). CVE-2023-31437 was published on Jun 13, 2023.

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private...
Severity: Moderate (Unreviewed). CVE-2023-33981 was published on May 24, 2023.

Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00...
Severity: High (Unreviewed). CVE-2023-30356 was published on May 10, 2023.

A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic....
Severity: Moderate (Unreviewed). CVE-2016-15028 was published on Mar 12, 2023.

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a...
Severity: High (Unreviewed). CVE-2022-45142 was published on Mar 7, 2023.

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can...
Severity: Moderate (Unreviewed). CVE-2022-45191 was published on Feb 8, 2023.

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update...
Severity: Moderate (Unreviewed). CVE-2023-23120 was published on Feb 2, 2023.

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update...
Severity: Moderate (Unreviewed). CVE-2023-23119 was published on Feb 2, 2023.

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2...
Severity: Moderate (Unreviewed). CVE-2022-46402 was published on Dec 20, 2022.

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi...
Severity: Moderate (Unreviewed). CVE-2022-38956 was published on Sep 21, 2022.

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi...
Severity: High (Unreviewed). CVE-2022-38955 was published on Sep 21, 2022.

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux...
Severity: High (Unreviewed). CVE-2022-36174 was published on Sep 13, 2022.

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3...
Severity: High (Unreviewed). CVE-2022-39844 was published on Sep 10, 2022.

Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074...
Severity: High (Unreviewed). CVE-2022-39845 was published on Sep 10, 2022.

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full...
Severity: High (Unreviewed). CVE-2022-29549 was published on Aug 19, 2022.

OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Severity: High. CVE-2022-35961 was published for @openzeppelin/contracts (npm) on Aug 18, 2022.

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity....
Severity: Moderate (Unreviewed). CVE-2022-30316 was published on Jul 29, 2022.

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for...
Severity: Moderate (Unreviewed). CVE-2022-33711 was published on Jul 13, 2022.

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page)...
Severity: Critical (Unreviewed). CVE-2022-31266 was published on Jun 30, 2022.

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C...
Severity: High (Unreviewed). CVE-2021-37182 was published on Jun 15, 2022.

In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead...
Severity: High (Unreviewed). CVE-2022-21757 was published on Jun 7, 2022.

Improper Validation of Integrity Check Value in go-tuf
Severity: High. CVE-2022-29173 was published for github.com/theupdateframework/go-tuf (Go) on May 24, 2022.