Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

330 advisories

Loading
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before... High Unreviewed
CVE-2019-5737 was published May 13, 2022
An allocation of memory without limits, that could result in the stack clashing with another... High Unreviewed
CVE-2018-16865 was published May 13, 2022
An allocation of memory without limits, that could result in the stack clashing with another... High Unreviewed
CVE-2018-16864 was published May 13, 2022
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers,... High Unreviewed
CVE-2019-10953 was published May 13, 2022
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack... High Unreviewed
CVE-2016-4074 was published May 13, 2022
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS... High Unreviewed
CVE-2019-1737 was published May 13, 2022
An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6,... High Unreviewed
CVE-2022-1510 was published May 12, 2022
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack... High Unreviewed
CVE-2022-28556 was published May 5, 2022
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2022-20757 was published May 4, 2022
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD... High Unreviewed
CVE-2022-20751 was published May 4, 2022
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD)... High Unreviewed
CVE-2022-20767 was published May 4, 2022
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0... High Unreviewed
CVE-2009-2726 was published May 2, 2022
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6... High Unreviewed
CVE-2009-2054 was published May 2, 2022
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2,... High Unreviewed
CVE-2008-1700 was published May 1, 2022
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to... High Unreviewed
CVE-2022-29701 was published Apr 28, 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP... High Unreviewed
CVE-2022-22278 was published Apr 28, 2022
encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large... High Unreviewed
CVE-2022-24675 was published Apr 21, 2022
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with... High Unreviewed
CVE-2022-20622 was published Apr 16, 2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using... High Unreviewed
CVE-2021-44502 was published Apr 16, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner... High Unreviewed
CVE-2017-20016 was published Mar 29, 2022
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU... High Unreviewed
CVE-2016-20013 was published Feb 20, 2022
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote... High Unreviewed
CVE-2022-23228 was published Feb 19, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor... High Unreviewed
CVE-2021-22050 was published Feb 17, 2022
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that... High Unreviewed
CVE-2021-41840 was published Feb 10, 2022
An authenticated user without any specific authorizations may be able to repeatedly invoke the... High Unreviewed
CVE-2021-32036 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database