Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark Critical
CVE-2026-45058 was published for electerm (npm) May 14, 2026
Curly-Haired-Baboon Credited to Curly-Haired-Baboon
Axios npm Supply Chain Incident Impacting @usebruno/cli Critical
CVE-2026-34841 was published for @usebruno/cli (npm) Apr 2, 2026
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,... Critical Unreviewed
CVE-2026-3000 was published Mar 2, 2026
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability,... Critical Unreviewed
CVE-2026-2999 was published Mar 2, 2026
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution... Critical Unreviewed
CVE-2026-27180 was published Feb 19, 2026
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within... Critical Unreviewed
CVE-2025-14265 was published Dec 11, 2025
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital... Critical Unreviewed
CVE-2025-56513 was published Sep 30, 2025
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An... Critical Unreviewed
CVE-2025-35115 was published Aug 27, 2025
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect... Critical Unreviewed
CVE-2025-53696 was published Jul 28, 2025
Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code... Critical Unreviewed
CVE-2025-28236 was published Apr 18, 2025
The product can be used to distribute malicious code using SDD Device Drivers due to missing... Critical Unreviewed
CVE-2025-27593 was published Mar 14, 2025
The ventilator does not perform proper file integrity checks when adopting firmware updates. This... Critical Unreviewed
CVE-2024-48974 was published Nov 15, 2024
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling... Critical Unreviewed
CVE-2024-45321 was published Aug 27, 2024
A vulnerability allows attackers to download source code or an executable from a remote location... Critical Unreviewed
CVE-2023-41921 was published Jul 2, 2024
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes... Critical Unreviewed
CVE-2024-28878 was published Apr 12, 2024
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files... Critical Unreviewed
CVE-2024-27438 was published Mar 21, 2024
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient... Critical Unreviewed
CVE-2023-45799 was published Oct 30, 2023
Synel Terminals - CWE-494: Download of Code Without Integrity Check Critical Unreviewed
CVE-2023-37220 was published Sep 3, 2023
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian... Critical Unreviewed
CVE-2023-40254 was published Aug 11, 2023
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of... Critical Unreviewed
CVE-2023-27574 was published Mar 4, 2023
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5... Critical Unreviewed
CVE-2020-22658 was published Jan 20, 2023
Certain General Electric Renewable Energy products download firmware without an integrity check.... Critical Unreviewed
CVE-2022-24117 was published Dec 26, 2022
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient... Critical Unreviewed
CVE-2022-30315 was published Jul 29, 2022
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd... Critical Unreviewed
CVE-2020-7873 was published May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads Critical
CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) May 24, 2022
westonsteimel Credited to westonsteimel, NotMyFault, and tdunlap607 NotMyFault NotMyFault
tdunlap607 tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database