Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

545 advisories

Loading
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature... Moderate Unreviewed
CVE-2018-16253 was published May 14, 2022
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x... Moderate Unreviewed
CVE-2018-0501 was published May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine... Critical Unreviewed
CVE-2018-8955 was published May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature... Moderate Unreviewed
CVE-2018-16149 was published May 14, 2022
A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019... Moderate Unreviewed
CVE-2018-18203 was published May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet... Critical Unreviewed
CVE-2018-5923 was published May 14, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control... High Unreviewed
CVE-2018-12019 was published May 14, 2022
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary... Moderate Unreviewed
CVE-2018-15587 was published May 14, 2022
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages... Moderate Unreviewed
CVE-2018-15586 was published May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2.... Critical Unreviewed
CVE-2018-12356 was published May 14, 2022
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High... Moderate Unreviewed
CVE-2018-5383 was published May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows... High Unreviewed
CVE-2018-18653 was published May 13, 2022
Missing certificate validation in Apache JMeter Critical
CVE-2018-1287 was published for org.apache.jmeter:ApacheJMeter (Maven) May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the... High Unreviewed
CVE-2018-10988 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10... Critical Unreviewed
CVE-2017-2423 was published May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2... High Unreviewed
CVE-2017-11400 was published May 13, 2022
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Credited to artsploit, pwntester, sylwia-budzynska, p-, Kwstubbs, and jorgectf
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the... Critical Unreviewed
CVE-2017-3198 was published May 13, 2022
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an... Moderate Unreviewed
CVE-2016-9604 was published May 13, 2022
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up... Moderate Unreviewed
CVE-2017-15090 was published May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an... High Unreviewed
CVE-2018-15374 was published May 13, 2022
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC... Low Unreviewed
CVE-2018-1842 was published May 13, 2022
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted... High Unreviewed
CVE-2018-7685 was published May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ... High Unreviewed
CVE-2018-6664 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database