GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
High
GHSA-7fpw-cfc4-3p2c
was published
for
passport-wsfed-saml2
(npm)
Dec 28, 2017
•
withdrawn
Authentication Bypass by Spoofing in express-cart
High
CVE-2018-16483
was published
for
express-cart
(npm)
Feb 7, 2019
omniauth-apple allows attacker to fake their email address during authentication
High
CVE-2020-26254
was published
for
omniauth-apple
(RubyGems)
Dec 8, 2020
Authentication Bypass
High
CVE-2021-29441
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High
CVE-2020-16250
was published
for
github.com/hashicorp/vault
(Go)
Aug 2, 2021
Microsoft Edge for iOS Spoofing Vulnerability
High
Unreviewed
CVE-2021-43220
was published
Nov 25, 2021
HTTP Method Spoofing
High
CVE-2021-43807
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Windows AppX Installer Spoofing Vulnerability
High
Unreviewed
CVE-2021-43890
was published
Dec 16, 2021
Authentication Bypass in Apache Cassandra
High
CVE-2020-17516
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 9, 2022
SAML authentication vulnerability due to stdlib XML parsing
High
CVE-2020-26276
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 11, 2022
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server...
High
Unreviewed
CVE-2022-26505
was published
Mar 7, 2022
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820...
High
Unreviewed
CVE-2009-1048
was published
May 2, 2022
An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of...
High
Unreviewed
CVE-2022-25989
was published
May 6, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High
CVE-2018-7160
was published
for
node-inspector
(npm)
May 13, 2022
•
withdrawn
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2...
High
Unreviewed
CVE-2018-12331
was published
May 13, 2022
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7...
High
Unreviewed
CVE-2019-0283
was published
May 13, 2022
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier...
High
Unreviewed
CVE-2017-11717
was published
May 13, 2022
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2...
High
Unreviewed
CVE-2017-18190
was published
May 13, 2022
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and...
High
Unreviewed
CVE-2017-6405
was published
May 13, 2022
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by...
High
Unreviewed
CVE-2017-8422
was published
May 13, 2022
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
High
Unreviewed
CVE-2018-15588
was published
May 13, 2022
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass...
High
Unreviewed
CVE-2019-16378
was published
May 24, 2022
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for...
High
Unreviewed
CVE-2019-15022
was published
May 24, 2022
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP...
High
Unreviewed
CVE-2020-28856
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API