Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

5,450 advisories

Loading
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0773 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua High
CVE-2018-12086 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0592 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0611 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0769 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0771 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0609 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Data races in aovec High
CVE-2020-36207 was published for aovec (Rust) Aug 25, 2021
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM High
GHSA-34vw-m4rh-r36p was published for github.com/talos-systems/talos (Go) Sep 16, 2022
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before... High Unreviewed
CVE-2022-41741 was published Oct 20, 2022
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before... High Unreviewed
CVE-2022-41742 was published Oct 20, 2022
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... High Unreviewed
CVE-2017-16302 was published Jan 12, 2023
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF... High Unreviewed
CVE-2022-3161 was published Jan 13, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... High Unreviewed
CVE-2017-16267 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... High Unreviewed
CVE-2017-16301 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... High Unreviewed
CVE-2017-16257 was published Jan 12, 2023
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... High Unreviewed
CVE-2017-16260 was published Jan 12, 2023
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of... High Unreviewed
CVE-2022-3087 was published Jan 17, 2023
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe... High Unreviewed
CVE-2016-4155 was published May 13, 2022
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe... High Unreviewed
CVE-2016-4152 was published May 13, 2022
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based... High Unreviewed
CVE-2022-23850 was published Jan 24, 2022
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an... High Unreviewed
CVE-2022-25293 was published Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API