GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
tlslite-ng off-by-one error on mac checking
High
CVE-2018-1000159
was published
for
tlslite-ng
(pip)
Jul 12, 2018
Incomplete validation of shapes in multiple TF ops
High
CVE-2021-41206
was published
for
tensorflow
(pip)
Nov 10, 2021
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Improper Validation of Integrity Check Value in TensorFlow
High
GHSA-43q8-3fv7-pr5x
was published
for
tensorflow
(pip)
Feb 9, 2022
Improper Validation of Integrity Check Value in Bouncy Castle
Moderate
CVE-2018-5382
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Nimbus JOSE+JWT vulnerable to padding oracle attack
Low
CVE-2017-12973
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Moodle Grade information disclosure in grade's external fetch functions
Moderate
CVE-2021-20184
was published
for
moodle/moodle
(Composer)
May 24, 2022
Improper Validation of Integrity Check Value in go-tuf
High
CVE-2022-29173
was published
for
github.com/theupdateframework/go-tuf
(Go)
May 24, 2022
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
High
CVE-2022-35961
was published
for
@openzeppelin/contracts
(npm)
Aug 18, 2022
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Moderate
CVE-2023-34459
was published
for
@openzeppelin/contracts
(npm)
Jun 19, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Apache MINA SSHD: integrity check bypass
High
CVE-2024-41909
was published
for
org.apache.sshd:sshd-common
(Maven)
Aug 12, 2024
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Moderate
CVE-2024-47211
was published
for
ironic
(pip)
Oct 4, 2024
secp256k1-node allows private key extraction over ECDH
High
CVE-2024-48930
was published
for
secp256k1
(npm)
Oct 21, 2024
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
High
CVE-2024-52550
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API