GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
325 advisories
Filter by severity
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The...
Moderate
Unreviewed
CVE-2021-39907
was published
May 24, 2022
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command...
Moderate
Unreviewed
CVE-2001-1388
was published
Apr 30, 2022
SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[]...
Moderate
Unreviewed
CVE-2022-36146
was published
Aug 17, 2022
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at ...
Moderate
Unreviewed
CVE-2022-35109
was published
Aug 17, 2022
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea.
Moderate
Unreviewed
CVE-2022-35105
was published
Aug 17, 2022
SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer:...
Moderate
Unreviewed
CVE-2022-35111
was published
Aug 17, 2022
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset()...
Moderate
Unreviewed
CVE-2022-35104
was published
Aug 17, 2022
SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common...
Moderate
Unreviewed
CVE-2022-35107
was published
Aug 17, 2022
Apache Tika vulnerable to uncontrolled memory consumption
Moderate
CVE-2022-25169
was published
for
org.apache.tika:tika
(Maven)
May 17, 2022
SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor...
Moderate
Unreviewed
CVE-2022-35089
was published
Sep 22, 2022
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All...
Moderate
Unreviewed
CVE-2022-41288
was published
Dec 13, 2022
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in...
Moderate
Unreviewed
CVE-2022-29973
was published
May 3, 2022
Allocation of Resources Without Limits or Throttling in Apache Tika
Moderate
CVE-2019-10093
was published
for
org.apache.tika:tika-parsers
(Maven)
Aug 6, 2019
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions...
Moderate
Unreviewed
CVE-2022-1428
was published
May 12, 2022
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial...
Moderate
Unreviewed
CVE-2018-16846
was published
May 13, 2022
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which...
Moderate
Unreviewed
CVE-2017-14107
was published
May 13, 2022
Potential DOS attack due to unrestricted attachment count in messages
Moderate
CVE-2019-12406
was published
for
org.apache.cxf:apache-cxf
(Maven)
Nov 8, 2019
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed...
Moderate
Unreviewed
CVE-2019-9073
was published
May 13, 2022
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed...
Moderate
Unreviewed
CVE-2019-9072
was published
May 13, 2022
On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform...
Moderate
Unreviewed
CVE-2019-0005
was published
May 13, 2022
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service ...
Moderate
Unreviewed
CVE-2019-9705
was published
May 13, 2022
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed...
Moderate
Unreviewed
CVE-2019-9076
was published
May 13, 2022
Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services...
Moderate
Unreviewed
CVE-2019-0038
was published
May 13, 2022
Denial of service in direct_mail
Moderate
CVE-2020-12697
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2021
Regular Expression Denial of Service (ReDOS)
Moderate
CVE-2021-29060
was published
for
color-string
(npm)
Jun 22, 2021
ProTip!
Advisories are also available from the
GraphQL API