GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
30 advisories
Denial of service in quinn-proto when using `Endpoint::retry()`
High · CVE-2024-45311 was published for quinn-proto (Rust) · Sep 3, 2024

Ansible unsafe evaluation of some strings
High · CVE-2014-2686 was published for ansible (pip) · May 17, 2022

Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows...
High · Unreviewed · CVE-2023-31211 was published · Jan 12, 2024

there is a possible way to bypass due to a logic error in the code. This could lead to local...
High · Unreviewed · CVE-2024-32896 was published · Jun 13, 2024

Contract balance not updating correctly after interchain transaction
High · CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) · Jun 6, 2024

An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source...
High · Unreviewed · CVE-2022-29607 was published · Apr 20, 2023

An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of...
High · Unreviewed · CVE-2022-29605 was published · Apr 20, 2023

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will...
High · Unreviewed · CVE-2023-1668 was published · Apr 11, 2023

Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled
High · CVE-2023-23623 was published for electron (npm) · Sep 6, 2023

Incorrect success value returned in vyper
High · CVE-2023-30629 was published for vyper (pip) · Apr 24, 2023

Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High · CVE-2023-41058 was published for parse-server (npm) · Sep 4, 2023

bson-objectid contains Improper input validation
High · CVE-2019-19729 was published for bson-objectid (npm) · May 24, 2022

Multiple evaluation of contract address in call in vyper
High · CVE-2022-29255 was published for vyper (pip) · Jun 6, 2022

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools...
High · Unreviewed · CVE-2022-27808 was published · Feb 16, 2023

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before...
High · Unreviewed · CVE-2022-36278 was published · Feb 16, 2023

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically...
High · Unreviewed · CVE-2023-20921 was published · Jan 26, 2023

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a...
High · Unreviewed · CVE-2023-20915 was published · Jan 26, 2023

Drainage of FeeCollector's Block Transaction Fees in cronos
High · CVE-2021-43839 was published for github.com/crypto-org-chain/cronos (Go) · Jan 6, 2022

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local...
High · Unreviewed · CVE-2017-0604 was published · May 13, 2022

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network...
High · Unreviewed · CVE-2019-9946 was published · May 13, 2022

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a...
High · Unreviewed · CVE-2018-16766 was published · May 13, 2022

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior...
High · Unreviewed · CVE-2022-26890 was published · May 6, 2022

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco...
High · Unreviewed · CVE-2021-34767 was published · May 24, 2022

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state...
High · Unreviewed · CVE-2021-0517 was published · May 24, 2022

ProTip! Advisories are also available from the GraphQL API