Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by... High Unreviewed
CVE-2024-42416 was published Sep 5, 2024
panic on parsing crafted phonenumber inputs High
CVE-2024-39697 was published for phonenumber (Rust) Jul 9, 2024
rubdos
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow... High Unreviewed
CVE-2024-5102 was published Jun 10, 2024
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express... High Unreviewed
CVE-2024-30527 was published May 17, 2024
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 gferon
blurhash panics on parsing crafted inputs High
CVE-2023-42447 was published for blurhash (Rust) Sep 21, 2023
rubdos
jcvi vulnerable to Configuration Injection due to unsanitized user input High
CVE-2023-35932 was published for jcvi (pip) Jun 23, 2023
Sim4n6
A denial of service attack might be launched against the server if an unusually lengthy password ... High Unreviewed
CVE-2023-30082 was published Jun 14, 2023
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the... High Unreviewed
CVE-2022-4904 was published Mar 7, 2023
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling... High Unreviewed
CVE-2021-28510 was published Jan 26, 2023
The demon image annotation plugin for WordPress is vulnerable to improper input validation in... High Unreviewed
CVE-2022-4171 was published Dec 13, 2022
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1),... High Unreviewed
CVE-2021-44693 was published Dec 13, 2022
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series... High Unreviewed
CVE-2022-20689 was published Dec 12, 2022
Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series... High Unreviewed
CVE-2022-20690 was published Dec 12, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
parse-server crashes when receiving file download request with invalid byte range High
CVE-2022-39313 was published for parse-server (npm) Oct 18, 2022
hej2010 tdunlap607
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` High
CVE-2022-36086 was published for linked_list_allocator (Rust) Sep 16, 2022
evanrichter
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP... High Unreviewed
CVE-2022-2277 was published Sep 15, 2022
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds... High Unreviewed
CVE-2022-2868 was published Aug 18, 2022
NHI’s health insurance web service component has insufficient validation for input string length,... High Unreviewed
CVE-2021-45918 was published Jun 21, 2022
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol... High Unreviewed
CVE-2010-3904 was published May 13, 2022
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that... High Unreviewed
CVE-2022-28613 was published May 3, 2022
src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3... High Unreviewed
CVE-2008-2374 was published May 1, 2022
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the... High Unreviewed
CVE-2008-1440 was published May 1, 2022
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft... High Unreviewed
CVE-2021-21943 was published Apr 15, 2022
ProTip! Advisories are also available from the GraphQL API