Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

446 advisories

Loading
Unencrypted ingress/health traffic when using Wireguard transparent encryption Moderate
CVE-2024-25630 was published for github.com/cilium/cilium (Go) Feb 20, 2024
gandro giorio94
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what... High Unreviewed
CVE-2023-4537 was published Feb 15, 2024
1Panel set-cookie is missing the Secure keyword Moderate
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow... Moderate Unreviewed
CVE-2023-50126 was published Jan 11, 2024
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create... Moderate Unreviewed
CVE-2023-50129 was published Jan 11, 2024
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0... Moderate Unreviewed
CVE-2023-38267 was published Jan 11, 2024
Google Nest WiFi Pro root code-execution & user-data compromise Critical Unreviewed
CVE-2023-6339 was published Jan 3, 2024
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. High Unreviewed
CVE-2023-33037 was published Jan 2, 2024
When saving HSTS data to an excessively long file name, curl could end up removing all contents,... Moderate Unreviewed
CVE-2023-46219 was published Dec 12, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of... Moderate Unreviewed
CVE-2023-42019 was published Dec 1, 2023
Vulnerability of missing encryption in the card management module. Successful exploitation of... High Unreviewed
CVE-2023-44098 was published Nov 8, 2023
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive... Moderate Unreviewed
CVE-2023-33228 was published Nov 1, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM ... Critical Unreviewed
CVE-2023-41095 was published Oct 26, 2023
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM ... Moderate Unreviewed
CVE-2023-41096 was published Oct 26, 2023
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before... High Unreviewed
CVE-2023-33837 was published Oct 23, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22386 was published Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2022-22377 was published Oct 17, 2023
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2022-33161 was published Oct 14, 2023
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN... Moderate Unreviewed
CVE-2023-23371 was published Oct 6, 2023
Croc requires senders to provide local IP addresses in cleartext Moderate
CVE-2023-43618 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
Push notifications stored on disk in private browsing mode were not being encrypted potentially... Moderate Unreviewed
CVE-2023-4580 was published Sep 11, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to... High Unreviewed
CVE-2022-22401 was published Sep 9, 2023
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by... Moderate Unreviewed
CVE-2022-22405 was published Sep 8, 2023
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain... Low Unreviewed
CVE-2023-33833 was published Aug 31, 2023
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to... High Unreviewed
CVE-2023-4420 was published Aug 24, 2023
ProTip! Advisories are also available from the GraphQL API