GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
Use of Uninitialized Resource in alg_ds
Critical | CVE-2020-36432 was published for alg_ds (Rust) | Aug 25, 2021
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Critical | CVE-2021-41264 was published for @openzeppelin/contracts (npm) | Sep 15, 2021
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the...
Critical | Unreviewed | CVE-2022-0947 was published | May 11, 2022
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does...
Critical | Unreviewed | CVE-2017-13715 was published | May 13, 2022
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions...
Critical | Unreviewed | CVE-2019-3464 was published | May 13, 2022
An issue with incorrect ownership model of "privateBrowsing" information exposed through...
Critical | Unreviewed | CVE-2017-5468 was published | May 13, 2022
Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in...
Critical | Unreviewed | CVE-2018-11949 was published | May 24, 2022
Moby Docker cp broken with debian containers
Critical | CVE-2019-14271 was published for github.com/docker/docker (Go) | May 24, 2022
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors...
Critical | Unreviewed | CVE-2015-8367 was published | May 24, 2022
Open Management Infrastructure Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2021-38647 was published | May 24, 2022
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via ...
Critical | Unreviewed | CVE-2022-37128 was published | Sep 1, 2022
Elrond-go has improper initialization
Critical | CVE-2022-36061 was published for github.com/ElrondNetwork/elrond-go (Go) | Sep 16, 2022
NodeBB vulnerable to account takeover via prototype vulnerability
Critical | CVE-2022-46164 was published for nodebb (npm) | Dec 5, 2022
The CloudStack integration API service allows running its unauthenticated API server (usually on...
Critical | Unreviewed | CVE-2024-39864 was published | Jul 5, 2024
An improper input validation allows an unauthenticated attacker to achieve remote command...
Critical | Unreviewed | CVE-2024-36455 was published | Jul 15, 2024
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network...
Critical | Unreviewed | CVE-2024-21807 was published | Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API.