GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
926 advisories
Filter by severity
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all...
High
Unreviewed
CVE-2023-6680
was published
Dec 15, 2023
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the...
High
Unreviewed
CVE-2020-12614
was published
Dec 12, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected...
High
Unreviewed
CVE-2023-48427
was published
Dec 12, 2023
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to...
Moderate
Unreviewed
CVE-2023-50454
was published
Dec 10, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this...
High
Unreviewed
CVE-2023-49247
was published
Dec 6, 2023
KEPServerEX does not properly validate certificates from clients which may allow...
High
Unreviewed
CVE-2023-5909
was published
Dec 1, 2023
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity...
High
Unreviewed
CVE-2023-49312
was published
Nov 27, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component....
High
Unreviewed
CVE-2023-43082
was published
Nov 22, 2023
Missing SSL certificate validation in localstack
High
CVE-2023-48054
was published
for
localstack
(pip)
Nov 16, 2023
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote...
High
Unreviewed
CVE-2023-42532
was published
Nov 13, 2023
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2023-42425
was published
Oct 31, 2023
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet...
High
Unreviewed
CVE-2023-31421
was published
Oct 26, 2023
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows...
Moderate
Unreviewed
CVE-2022-3761
was published
Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity...
Moderate
Unreviewed
CVE-2022-22380
was published
Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a...
Moderate
Unreviewed
CVE-2022-43892
was published
Oct 17, 2023
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for...
Critical
Unreviewed
CVE-2023-5422
was published
Oct 16, 2023
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known...
High
Unreviewed
CVE-2023-4499
was published
Oct 13, 2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client...
Critical
Unreviewed
CVE-2023-5554
was published
Oct 12, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified
Critical
Unreviewed
CVE-2023-45613
was published
Oct 9, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default
Moderate
CVE-2023-4586
was published
for
io.netty:netty-handler
(Maven)
Oct 4, 2023
•
withdrawn
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS...
Moderate
Unreviewed
CVE-2023-41991
was published
Sep 21, 2023
MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows...
Moderate
Unreviewed
CVE-2023-38353
was published
Sep 19, 2023
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to...
High
Unreviewed
CVE-2023-38352
was published
Sep 19, 2023
ProTip!
Advisories are also available from the
GraphQL API