Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,802
Erlang
36
GitHub Actions
29
Go
2,386
Maven
5,000+
npm
4,016
NuGet
720
pip
3,811
Pub
12
RubyGems
930
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
Taylored webhook validation vulnerabilities Critical
GHSA-8g98-m4j9-qww5 was published for taylored (npm) Jun 18, 2025
Fabio allows HTTP clients to manipulate custom headers it adds Critical
CVE-2025-48865 was published for github.com/fabiolb/fabio (Go) May 29, 2025
47Cid
IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks... Critical Unreviewed
CVE-2025-27558 was published May 21, 2025
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server... Critical Unreviewed
CVE-2022-31813 was published Jun 10, 2022
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A... Critical Unreviewed
CVE-2021-4226 was published Dec 15, 2022
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442... Critical Unreviewed
CVE-2025-27680 was published Mar 5, 2025
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-4699 was published Nov 6, 2023
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated... Critical Unreviewed
CVE-2022-26871 was published Mar 30, 2022
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware... Critical Unreviewed
CVE-2023-28386 was published May 22, 2023
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they... Critical Unreviewed
CVE-2024-11666 was published Nov 25, 2024
Insufficient Verification of Data Authenticity in python-keystoneclient Critical
CVE-2013-2167 was published for python-keystoneclient (pip) Mar 10, 2020
HTTP client can manipulate custom HTTP headers that are added by Traefik Critical
CVE-2024-45410 was published for github.com/traefik/traefik (Go) Sep 19, 2024
drolmat
The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not... Critical Unreviewed
CVE-2024-1554 was published Feb 20, 2024
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Critical Unreviewed
CVE-2023-28863 was published Apr 18, 2023
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36139 was published Aug 4, 2023
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address... Critical Unreviewed
CVE-2023-36134 was published Aug 4, 2023
Controller may be loaded with malicious firmware which could enable remote code execution Critical Unreviewed
CVE-2023-25178 was published Jul 13, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of... Critical Unreviewed
CVE-2023-2987 was published May 31, 2023
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded... Critical Unreviewed
CVE-2023-27748 was published Apr 13, 2023
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is... Critical Unreviewed
CVE-2019-11235 was published May 24, 2022
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is... Critical Unreviewed
CVE-2022-3703 was published Jul 6, 2023
Prototype Pollution in defaults-deep Critical
CVE-2018-16486 was published for defaults-deep (npm) Feb 7, 2019
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to... Critical Unreviewed
CVE-2022-0715 was published Mar 10, 2022
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all... Critical Unreviewed
CVE-2019-6695 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database