Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can... Critical Unreviewed
CVE-2024-3596 was published Jul 9, 2024
In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges... Moderate Unreviewed
CVE-2024-47255 was published Nov 5, 2024
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious... High Unreviewed
CVE-2024-7402 was published Aug 14, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
Credited to Sideni
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162.... High Unreviewed
CVE-2025-7096 was published Jul 7, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh russellb
Credited to kexinoh and russellb
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun
Credited to Just-Hack-For-Fun
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8... High Unreviewed
CVE-2025-39203 was published Jun 24, 2025
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
sugar700 levpachmanov
Credited to TrueSkrillor, lambdafu, sugar700, and levpachmanov
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. Critical Unreviewed
CVE-2024-25678 was published Feb 9, 2024
An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for... Moderate Unreviewed
CVE-2025-4418 was published Jun 12, 2025
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi... High Unreviewed
CVE-2022-38955 was published Sep 21, 2022
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi... Moderate Unreviewed
CVE-2022-38956 was published Sep 21, 2022
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could... Moderate Unreviewed
CVE-2020-6228 was published May 24, 2022
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third... High Unreviewed
CVE-2018-6336 was published May 13, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for... Critical Unreviewed
CVE-2017-15994 was published May 13, 2022
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3... High Unreviewed
CVE-2017-4961 was published May 13, 2022
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is... Moderate Unreviewed
CVE-2025-3479 was published Apr 17, 2025
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and... Moderate Unreviewed
CVE-2025-3247 was published Apr 16, 2025
This issue was addressed with improved handling of executable types. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24148 was published Apr 1, 2025
Apache MINA SSHD: integrity check bypass High
CVE-2024-41909 was published for org.apache.sshd:sshd-common (Maven) Aug 12, 2024
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update... Moderate Unreviewed
CVE-2023-23120 was published Feb 2, 2023
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2... Moderate Unreviewed
CVE-2024-47573 was published Mar 14, 2025
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
Credited to RTann
Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect ... Moderate Unreviewed
CVE-2024-47935 was published Feb 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database