Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile Moderate
CVE-2026-48995 was published for pnpm (npm) Jun 26, 2026
dsherret Credited to dsherret
Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0,... High Unreviewed
CVE-2026-7574 was published Jun 24, 2026
PHP JWT Framework: Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption Moderate
GHSA-6vvh-pxr4-25r7 was published for web-token/jwt-experimental (Composer) Jun 18, 2026
electerm's encrypt method not safe enough Moderate
CVE-2026-45787 was published for electerm (npm) May 14, 2026
amwhoi Credited to amwhoi
A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial... Moderate Unreviewed
CVE-2026-33261 was published Apr 22, 2026
OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification Moderate
CVE-2026-42428 was published for openclaw (npm) Apr 9, 2026
kexinoh Credited to kexinoh
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or... Moderate Unreviewed
CVE-2026-3856 was published Mar 18, 2026
Striae has a hash validation utility vulnerability High
CVE-2026-31839 was published for @striae-org/striae (npm) Mar 11, 2026
StephenJLu Credited to StephenJLu
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user... Moderate Unreviewed
CVE-2025-10010 was published Feb 24, 2026
The Download Manager plugin for WordPress is vulnerable to privilege escalation via account... High Unreviewed
CVE-2025-15364 was published Jan 6, 2026
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or... High Unreviewed
CVE-2024-46917 was published Aug 29, 2025
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that... High Unreviewed
CVE-2025-48500 was published Aug 13, 2025
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows... Moderate Unreviewed
CVE-2025-48803 was published Jul 8, 2025
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows... Moderate Unreviewed
CVE-2025-48811 was published Jul 8, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a... Moderate Unreviewed
CVE-2025-32890 was published May 2, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a... Moderate Unreviewed
CVE-2025-32882 was published May 2, 2025
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional... Moderate Unreviewed
CVE-2024-47123 was published Sep 26, 2024
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any... Moderate Unreviewed
CVE-2024-43108 was published Sep 26, 2024
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0... Moderate Unreviewed
CVE-2023-28865 was published Aug 8, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS... High Unreviewed
CVE-2024-27817 was published Jun 10, 2024
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical... High Unreviewed
CVE-2023-32475 was published Jun 7, 2024
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream... High Unreviewed
CVE-2022-24404 was published Oct 19, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-29290 was published for magento/community-edition (Composer) Jun 15, 2023
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353... High Unreviewed
CVE-2022-2793 was published Aug 20, 2022
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier)... Moderate Unreviewed
CVE-2021-28545 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database