Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,595
Maven
5,000+
npm
4,247
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni
Credited to Sideni
This issue was addressed with improved handling of executable types. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24148 was published Apr 1, 2025
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A... Critical Unreviewed
CVE-2023-50738 was published Jan 17, 2025
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can... Critical Unreviewed
CVE-2024-3596 was published Jul 9, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. Critical Unreviewed
CVE-2024-25678 was published Feb 9, 2024
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access... Critical Unreviewed
CVE-2023-33668 was published Jul 12, 2023
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware... Critical Unreviewed
CVE-2023-28386 was published May 22, 2023
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page)... Critical Unreviewed
CVE-2022-31266 was published Jun 30, 2022
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for... Critical Unreviewed
CVE-2017-15994 was published May 13, 2022
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration... Critical Unreviewed
CVE-2022-29898 was published May 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database