GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
Filter by severity
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization...
High
Unreviewed
CVE-2021-40401
was published
Feb 10, 2022
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional...
High
Unreviewed
CVE-2005-4360
was published
May 1, 2022
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the...
High
Unreviewed
CVE-2007-5191
was published
May 1, 2022
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The...
High
Unreviewed
CVE-2018-14622
was published
May 13, 2022
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet...
High
Unreviewed
CVE-2019-10902
was published
May 13, 2022
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not...
High
Unreviewed
CVE-2018-20216
was published
May 13, 2022
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was...
High
Unreviewed
CVE-2018-14367
was published
May 13, 2022
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to...
High
Unreviewed
CVE-2017-0599
was published
May 13, 2022
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android....
High
Unreviewed
CVE-2017-0720
was published
May 13, 2022
A denial of service vulnerability in the Android media framework (libstagefright). Product:...
High
Unreviewed
CVE-2017-0774
was published
May 13, 2022
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the...
High
Unreviewed
CVE-2017-6964
was published
May 13, 2022
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in...
High
Unreviewed
CVE-2019-15942
was published
May 24, 2022
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products,...
High
Unreviewed
CVE-2020-7247
was published
May 24, 2022
The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check...
High
Unreviewed
CVE-2020-24074
was published
May 24, 2022
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation...
High
Unreviewed
CVE-2019-20919
was published
May 24, 2022
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The...
High
Unreviewed
CVE-2020-29569
was published
May 24, 2022
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value...
High
Unreviewed
CVE-2021-28875
was published
May 24, 2022
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval-...
High
Unreviewed
CVE-2021-28906
was published
May 24, 2022
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of...
High
Unreviewed
CVE-2021-28904
was published
May 24, 2022
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of...
High
Unreviewed
CVE-2021-28902
was published
May 24, 2022
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a...
High
Unreviewed
CVE-2021-3673
was published
May 24, 2022
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser...
High
Unreviewed
CVE-2021-34585
was published
May 24, 2022
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value,...
High
Unreviewed
CVE-2021-3998
was published
Aug 25, 2022
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies...
High
Unreviewed
CVE-2022-0485
was published
Aug 29, 2022
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response...
High
Unreviewed
CVE-2022-1319
was published
Sep 1, 2022
ProTip!
Advisories are also available from the
GraphQL API