Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
Logic error in Legion of the Bouncy Castle BC Java High
CVE-2020-28052 was published for org.bouncycastle:bcprov-ext-jdk15on (Maven) Apr 30, 2021
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
JustAnotherArchivist the-bumble
Solana Pay Vulnerable to Weakness in Transfer Validation Logic Moderate
CVE-2022-35917 was published for @solana/pay (npm) Aug 6, 2022
cmowenby
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource... Moderate Unreviewed
CVE-2020-25598 was published May 24, 2022
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid... High Unreviewed
CVE-2019-11412 was published May 24, 2022
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7... Critical Unreviewed
CVE-2019-17192 was published May 24, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and... Moderate Unreviewed
CVE-2020-3885 was published May 24, 2022
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM)... Moderate Unreviewed
CVE-2020-8671 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing... High Unreviewed
CVE-2020-25603 was published May 24, 2022
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left... High Unreviewed
CVE-2020-36277 was published May 24, 2022
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one... Moderate Unreviewed
CVE-2020-35477 was published May 24, 2022
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks... Moderate Unreviewed
CVE-2021-0273 was published May 24, 2022
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state... High Unreviewed
CVE-2021-0517 was published May 24, 2022
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco... High Unreviewed
CVE-2021-34767 was published May 24, 2022
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior... High Unreviewed
CVE-2022-26890 was published May 6, 2022
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs Moderate
CVE-2022-41884 was published for tensorflow (pip) Nov 21, 2022
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a... High Unreviewed
CVE-2018-16766 was published May 13, 2022
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser()... Moderate Unreviewed
CVE-2018-19212 was published May 13, 2022
Missing Handler in @scandipwa/magento-scripts Moderate
CVE-2021-32684 was published for @scandipwa/magento-scripts (npm) Jun 21, 2021
Specification non-compliance in JUMPI High
CVE-2021-41153 was published for evm (Rust) Oct 19, 2021
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network... High Unreviewed
CVE-2019-9946 was published May 13, 2022
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local... High Unreviewed
CVE-2017-0604 was published May 13, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm) Moderate
CVE-2022-39354 was published for evm (Rust) Oct 25, 2022
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to... Moderate Unreviewed
CVE-2018-19058 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database