Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in... High Unreviewed
CVE-2024-21460 was published Jul 1, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th... High Unreviewed
CVE-2024-25943 was published Jun 29, 2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All... High Unreviewed
CVE-2024-35292 was published Jun 11, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon... High Unreviewed
CVE-2020-1472 was published May 24, 2022
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of... High Unreviewed
CVE-2023-34353 was published Sep 5, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ... High Unreviewed
CVE-2020-27213 was published Oct 10, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of... High Unreviewed
CVE-2023-1385 was published Jul 6, 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology... High Unreviewed
CVE-2023-2729 was published Jun 13, 2023
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker... High Unreviewed
CVE-2023-1898 was published Jun 12, 2023
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default... High Unreviewed
CVE-2023-30797 was published Apr 19, 2023
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including... High Unreviewed
CVE-2019-11641 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses... High Unreviewed
CVE-2008-0087 was published May 1, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business... High Unreviewed
CVE-2008-2433 was published May 1, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently... High Unreviewed
CVE-2009-2158 was published May 2, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,... High Unreviewed
CVE-2008-3612 was published May 2, 2022
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-0761 was published Feb 6, 2024
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed
CVE-2023-26451 was published Aug 2, 2023
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
ProTip! Advisories are also available from the GraphQL API