GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
147 advisories
2FA bypass in Wagtail through new device path
Moderate | CVE-2019-16766 was published for wagtail-2fa (pip) | Nov 29, 2019

Verification flaw in Solid identity-token-verifier
Moderate | GHSA-xmh9-rg6f-j3mr was published for @solid/identity-token-verifier (npm) | Mar 12, 2021

Kiali Authentication Bypass vulnerability
Moderate | CVE-2021-20278 was published for github.com/kiali/kiali (Go) | Jun 1, 2021

Verification check bypass in Gate One
Moderate | CVE-2020-19003 was published for gateone (pip) | Oct 12, 2021

Skype for Business and Lync Spoofing Vulnerability.
Moderate | Unreviewed | CVE-2022-26910 was published | Apr 16, 2022

NextAuth.js default redirect callback vulnerable to open redirects
Moderate | CVE-2022-24858 was published for next-auth (npm) | Apr 22, 2022

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6...
Moderate | Unreviewed | CVE-2019-10875 was published | Apr 30, 2022

Cache Poisoning issue exists in DNS Response Rate Limiting.
Moderate | Unreviewed | CVE-2013-5661 was published | May 5, 2022

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted...
Moderate | Unreviewed | CVE-2017-12096 was published | May 13, 2022

An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney...
Moderate | Unreviewed | CVE-2017-12095 was published | May 13, 2022

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a...
Moderate | Unreviewed | CVE-2018-1695 was published | May 13, 2022

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails...
Moderate | Unreviewed | CVE-2018-8153 was published | May 13, 2022

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka...
Moderate | Unreviewed | CVE-2018-8278 was published | May 13, 2022

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka ...
Moderate | Unreviewed | CVE-2018-8383 was published | May 13, 2022

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka...
Moderate | Unreviewed | CVE-2018-8388 was published | May 13, 2022

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka...
Moderate | Unreviewed | CVE-2018-8425 was published | May 13, 2022

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could...
Moderate | Unreviewed | CVE-2018-3829 was published | May 13, 2022

Electron vulnerable to URL spoofing via PDFium
Moderate | CVE-2017-1000424 was published for Electron (npm) | May 13, 2022

Django WSGI Header Spoofing Vulnerability
Moderate | CVE-2015-0219 was published for Django (pip) | May 17, 2022

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able...
Moderate | Unreviewed | CVE-2019-3884 was published | May 24, 2022

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka...
Moderate | Unreviewed | CVE-2019-0608 was published | May 24, 2022

A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka ...
Moderate | Unreviewed | CVE-2019-1357 was published | May 24, 2022

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential...
Moderate | Unreviewed | CVE-2019-18659 was published | May 24, 2022

Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70...
Moderate | Unreviewed | CVE-2019-13703 was published | May 24, 2022

Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed...
Moderate | Unreviewed | CVE-2019-13708 was published | May 24, 2022

ProTip! Advisories are also available from the GraphQL API