GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,016
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

30 advisories

Insecure Defaults Leads to Potential MITM in ezseed-transmission
Severity: Moderate. CVE-2016-1000224 was published for ezseed-transmission (npm) on Sep 1, 2020.

When an authenticated password change request takes place, this vulnerability could allow the...
Severity: High (Unreviewed). CVE-2021-32926 was published on May 24, 2022.

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021),...
Severity: High (Unreviewed). CVE-2021-41033 was published on May 24, 2022.

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Severity: Moderate. CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) on May 24, 2022.

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3)....
Severity: High (Unreviewed). CVE-2017-12735 was published on May 13, 2022.

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a...
Severity: High (Unreviewed). CVE-2019-14899 was published on May 24, 2022.

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017...
Severity: High (Unreviewed). CVE-2017-15086 was published on May 13, 2022.

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017...
Severity: Moderate (Unreviewed). CVE-2017-15085 was published on May 13, 2022.

containernetworking/plugins vulnerable to MitM attacks
Severity: Moderate. CVE-2020-10749 was published for github.com/containernetworking/plugins (Go) on May 24, 2022.

Insecure Defaults Allow MITM Over TLS in engine.io-client
Severity: Moderate. CVE-2016-10536 was published for engine.io-client (npm) on Feb 18, 2019.

Machine-In-The-Middle in https-proxy-agent
Severity: Moderate. GHSA-pc5p-h8pf-mvwp was published for https-proxy-agent (npm) on Apr 16, 2020.

Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Severity: High. GHSA-j3rq-4xjw-xg63 was published for github.com/edgelesssys/marblerun (Go) on Dec 4, 2023.

Missing SSH host key validation in Jenkins Amazon EC2 Plugin
Severity: Moderate. CVE-2020-2185 was published for org.jenkins-ci.plugins:ec2 (Maven) on May 24, 2022.

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0...
Severity: High (Unreviewed). CVE-2023-31004 was published on Feb 3, 2024.

A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to...
Severity: High (Unreviewed). CVE-2021-22909 was published on May 24, 2022.

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0...
Severity: Critical (Unreviewed). CVE-2019-3793 was published on May 24, 2022.

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle...
Severity: Moderate (Unreviewed). CVE-2019-3981 was published on May 24, 2022.

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL...
Severity: Moderate (Unreviewed). CVE-2023-2310 was published on May 10, 2023.

Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle ...
Severity: High (Unreviewed). CVE-2023-2885 was published on May 25, 2023.

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network...
Severity: Moderate (Unreviewed). CVE-2023-4885 was published on Oct 3, 2023.

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of...
Severity: High (Unreviewed). CVE-2023-32634 was published on Oct 12, 2023.

dectalk-tts Uses Unencrypted HTTP Request
Severity: High. CVE-2024-31206 was published for dectalk-tts (npm) on Apr 4, 2024.

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to...
Severity: Moderate (Unreviewed). CVE-2021-22890 was published on May 24, 2022.

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG...
Severity: High (Unreviewed). CVE-2024-32049 was published on May 8, 2024.

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which...
Severity: Unknown (Unreviewed). CVE-2019-19751 was published on Apr 30, 2024.

ProTip! Advisories are also available from the GraphQL API.