GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
Authentication Bypass by Spoofing in express-cart
High
CVE-2018-16483
was published
for
express-cart
(npm)
Feb 7, 2019
Verification flaw in Solid identity-token-verifier
Moderate
GHSA-xmh9-rg6f-j3mr
was published
for
@solid/identity-token-verifier
(npm)
Mar 12, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
When exiting fullscreen mode, an iframe could have confused the browser about the current state...
Moderate
Unreviewed
CVE-2022-31738
was published
Dec 22, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP...
Critical
Unreviewed
CVE-2020-22001
was published
May 24, 2022
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are...
High
Unreviewed
CVE-2022-22476
was published
Jul 9, 2022
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems...
High
Unreviewed
CVE-2022-1745
was published
Jun 25, 2022
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit...
Moderate
Unreviewed
CVE-2022-32983
was published
Jun 21, 2022
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a...
Moderate
Unreviewed
CVE-2022-1495
was published
Jul 27, 2022
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a...
Moderate
Unreviewed
CVE-2022-1306
was published
Jul 26, 2022
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88...
Moderate
Unreviewed
CVE-2022-1307
was published
Jul 26, 2022
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896...
Moderate
Unreviewed
CVE-2022-1129
was published
Jul 24, 2022
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads...
High
Unreviewed
CVE-2022-2324
was published
Jul 30, 2022
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x...
Critical
Unreviewed
CVE-2022-2310
was published
Jul 28, 2022
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted...
Moderate
Unreviewed
CVE-2017-12096
was published
May 13, 2022
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass...
Moderate
Unreviewed
CVE-2019-20790
was published
May 24, 2022
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass...
High
Unreviewed
CVE-2022-4098
was published
Dec 13, 2022
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed...
Moderate
Unreviewed
CVE-2019-13708
was published
May 24, 2022
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70...
Moderate
Unreviewed
CVE-2019-13703
was published
May 24, 2022
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a...
Moderate
Unreviewed
CVE-2019-13704
was published
May 24, 2022
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote...
Moderate
Unreviewed
CVE-2019-13701
was published
May 24, 2022
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70...
Moderate
Unreviewed
CVE-2019-13715
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API