Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,866
Maven
5,000+
npm
3,588
NuGet
636
pip
3,178
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Logic error in Legion of the Bouncy Castle BC Java High
CVE-2020-28052 was published for org.bouncycastle:bcprov-ext-jdk15on (Maven) Apr 30, 2021
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
Incorrect handling of invalid surrogate pair characters High
CVE-2022-31116 was published for ujson (pip) Jul 5, 2022
JustAnotherArchivist the-bumble
Solana Pay Vulnerable to Weakness in Transfer Validation Logic Moderate
CVE-2022-35917 was published for @solana/pay (npm) Aug 6, 2022
cmowenby
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource... Moderate Unreviewed
CVE-2020-25598 was published May 24, 2022
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid... High Unreviewed
CVE-2019-11412 was published May 24, 2022
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7... Critical Unreviewed
CVE-2019-17192 was published May 24, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and... Moderate Unreviewed
CVE-2020-3885 was published May 24, 2022
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM)... Moderate Unreviewed
CVE-2020-8671 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing... High Unreviewed
CVE-2020-25603 was published May 24, 2022
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left... High Unreviewed
CVE-2020-36277 was published May 24, 2022
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one... Moderate Unreviewed
CVE-2020-35477 was published May 24, 2022
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks... Moderate Unreviewed
CVE-2021-0273 was published May 24, 2022
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state... High Unreviewed
CVE-2021-0517 was published May 24, 2022
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco... High Unreviewed
CVE-2021-34767 was published May 24, 2022
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior... High Unreviewed
CVE-2022-26890 was published May 6, 2022
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs Moderate
CVE-2022-41884 was published for tensorflow (pip) Nov 21, 2022
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a... High Unreviewed
CVE-2018-16766 was published May 13, 2022
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser()... Moderate Unreviewed
CVE-2018-19212 was published May 13, 2022
Missing Handler in @scandipwa/magento-scripts Moderate
CVE-2021-32684 was published for @scandipwa/magento-scripts (npm) Jun 21, 2021
Specification non-compliance in JUMPI High
CVE-2021-41153 was published for evm (Rust) Oct 19, 2021
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network... High Unreviewed
CVE-2019-9946 was published May 13, 2022
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local... High Unreviewed
CVE-2017-0604 was published May 13, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm) Moderate
CVE-2022-39354 was published for evm (Rust) Oct 25, 2022
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to... Moderate Unreviewed
CVE-2018-19058 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API