GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
325 advisories

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with...
Moderate, Unreviewed: CVE-2022-1325 was published Sep 1, 2022

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function ...
Moderate, Unreviewed: CVE-2020-35534 was published Sep 2, 2022

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before...
Moderate, Unreviewed: CVE-2019-15165 was published May 24, 2022

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in...
Moderate, Unreviewed: CVE-2020-6610 was published May 24, 2022

rdiffweb has no rate limit on resend email feature
Moderate: CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022

pyftpdlib vulnerable to allocation of resources without limits
Moderate: CVE-2007-6740 was published for pyftpdlib (pip) May 1, 2022

CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
Moderate, Unreviewed: CVE-2020-15806 was published May 24, 2022

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping...
Moderate, Unreviewed: CVE-2020-29570 was published May 24, 2022

An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored...
Moderate, Unreviewed: CVE-2020-29486 was published May 24, 2022

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of...
Moderate, Unreviewed: CVE-2020-29567 was published May 24, 2022

An attacker-controlled memory allocation size can be passed to the C++ new operator in the...
Moderate, Unreviewed: CVE-2020-5806 was published May 24, 2022

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker...
Moderate, Unreviewed: CVE-2021-1350 was published May 24, 2022

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client...
Moderate, Unreviewed: CVE-2020-25652 was published May 24, 2022

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system...
Moderate, Unreviewed: CVE-2020-25650 was published May 24, 2022

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by...
Moderate, Unreviewed: CVE-2022-22488 was published Dec 12, 2022

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are...
Moderate, Unreviewed: CVE-2020-29568 was published May 24, 2022

tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long...
Moderate, Unreviewed: CVE-2022-36155 was published Aug 17, 2022

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via...
Moderate, Unreviewed: CVE-2022-35113 was published Aug 17, 2022

Denial of service in Mattermost
Moderate: CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022

Denial of service in Mattermost
Moderate: CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When...
Moderate, Unreviewed: CVE-2021-22210 was published May 24, 2022

There is a resource management error vulnerability in the versions V500R001C60SPC500,...
Moderate, Unreviewed: CVE-2021-22360 was published May 24, 2022

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions...
Moderate, Unreviewed: CVE-2021-25666 was published May 24, 2022

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12...
Moderate, Unreviewed: CVE-2021-22207 was published May 24, 2022

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user...
Moderate, Unreviewed: CVE-2022-4019 was published Nov 23, 2022

ProTip! Advisories are also available from the GraphQL API.