GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
838 advisories
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table...
Critical, Unreviewed. CVE-2012-6125 was published Apr 23, 2022

cumin: At installation postgresql database user created without password
Critical, Unreviewed. CVE-2012-3460 was published Apr 23, 2022

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code...
Critical, Unreviewed. CVE-2022-29499 was published Apr 27, 2022

Improper Input Validation in httpx
Critical. CVE-2021-41945 was published for httpx (pip) Apr 29, 2022

Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2...
Critical, Unreviewed. CVE-2022-28054 was published May 3, 2022

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
Critical, Unreviewed. CVE-2013-7483 was published May 5, 2022

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service...
Critical, Unreviewed. CVE-2013-1910 was published May 5, 2022

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
Critical, Unreviewed. CVE-2013-2259 was published May 5, 2022

ReviewBoard and Djblets library are vulnerable to code execution
Critical. CVE-2013-4409 was published for ReviewBoard (pip) May 5, 2022

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php...
Critical, Unreviewed. CVE-2013-2093 was published May 5, 2022

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable...
Critical, Unreviewed. CVE-2013-7171 was published May 5, 2022

PDFKit Improper Input Validation vulnerability
Critical. CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022

Tenant and Verifier might not use the same registrar data
Critical. CVE-2022-1053 was published for keylime (pip) May 5, 2022

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute...
Critical, Unreviewed. CVE-2022-29897 was published May 12, 2022

Remote code execution in PATCH requests in Spring Data REST
Critical. CVE-2017-8046 was published for org.springframework.data:spring-data-rest-core (Maven) May 13, 2022

Improper Input Validation in JGroups
Critical. CVE-2016-2141 was published for org.jgroups:jgroups (Maven) May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7231 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7232 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7233 was published May 13, 2022

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed. CVE-2018-7237 was published May 13, 2022

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x...
Critical, Unreviewed. CVE-2016-2786 was published May 13, 2022

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote...
Critical, Unreviewed. CVE-2015-7705 was published May 13, 2022

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code...
Critical, Unreviewed. CVE-2017-4997 was published May 13, 2022

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary...
Critical, Unreviewed. CVE-2017-9034 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API