Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1)... Moderate Unreviewed
CVE-2020-10136 was published May 24, 2022
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide... Moderate Unreviewed
CVE-2020-12272 was published May 24, 2022
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass... Moderate Unreviewed
CVE-2019-20790 was published May 24, 2022
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70... Moderate Unreviewed
CVE-2019-13715 was published May 24, 2022
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a... Moderate Unreviewed
CVE-2019-13704 was published May 24, 2022
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a... Moderate Unreviewed
CVE-2019-13709 was published May 24, 2022
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote... Moderate Unreviewed
CVE-2019-13701 was published May 24, 2022
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70... Moderate Unreviewed
CVE-2019-13703 was published May 24, 2022
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed... Moderate Unreviewed
CVE-2019-13708 was published May 24, 2022
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential... Moderate Unreviewed
CVE-2019-18659 was published May 24, 2022
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka ... Moderate Unreviewed
CVE-2019-1357 was published May 24, 2022
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka... Moderate Unreviewed
CVE-2019-0608 was published May 24, 2022
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for... High Unreviewed
CVE-2019-15022 was published May 24, 2022
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass... High Unreviewed
CVE-2019-16378 was published May 24, 2022
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able... Moderate Unreviewed
CVE-2019-3884 was published May 24, 2022
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon... Critical Unreviewed
CVE-2018-7842 was published May 24, 2022
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. High Unreviewed
CVE-2018-15588 was published May 13, 2022
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by... High Unreviewed
CVE-2017-8422 was published May 13, 2022
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and... High Unreviewed
CVE-2017-6405 was published May 13, 2022
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2... High Unreviewed
CVE-2017-18190 was published May 13, 2022
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by... Critical Unreviewed
CVE-2017-14487 was published May 13, 2022
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier... High Unreviewed
CVE-2017-11717 was published May 13, 2022
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could... Moderate Unreviewed
CVE-2018-3829 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database