Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to... Moderate Unreviewed
CVE-2021-39090 was published Feb 29, 2024
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography... High Unreviewed
CVE-2024-0220 was published Feb 22, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore Moderate
CVE-2024-25631 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro Credited to gandro and giorio94 giorio94 giorio94
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what... High Unreviewed
CVE-2023-4537 was published Feb 15, 2024
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student Credited to anonymous-nlp-student
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create... Moderate Unreviewed
CVE-2023-50129 was published Jan 11, 2024
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow... Moderate Unreviewed
CVE-2023-50126 was published Jan 11, 2024
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-38267 was published Jan 11, 2024
Google Nest WiFi Pro root code-execution & user-data compromise Critical Unreviewed
CVE-2023-6339 was published Jan 3, 2024
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. High Unreviewed
CVE-2023-33037 was published Jan 2, 2024
When saving HSTS data to an excessively long file name, curl could end up removing all contents,... Moderate Unreviewed
CVE-2023-46219 was published Dec 12, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of... Moderate Unreviewed
CVE-2023-42019 was published Dec 1, 2023
Vulnerability of missing encryption in the card management module. Successful exploitation of... High Unreviewed
CVE-2023-44098 was published Nov 8, 2023
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive... Moderate Unreviewed
CVE-2023-33228 was published Nov 1, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM ... Moderate Unreviewed
CVE-2023-41096 was published Oct 26, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ... Critical Unreviewed
CVE-2023-41095 was published Oct 26, 2023
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before... High Unreviewed
CVE-2023-33837 was published Oct 23, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22386 was published Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22377 was published Oct 17, 2023
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-33161 was published Oct 14, 2023
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN... Moderate Unreviewed
CVE-2023-23371 was published Oct 6, 2023
Croc requires senders to provide local IP addresses in cleartext Moderate
CVE-2023-43618 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz Credited to schollz
Push notifications stored on disk in private browsing mode were not being encrypted potentially... Moderate Unreviewed
CVE-2023-4580 was published Sep 11, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to... High Unreviewed
CVE-2022-22401 was published Sep 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database