GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,972; Erlang 29; GitHub Actions 16; Go 1,762; Maven 4,983; npm 3,518; NuGet 609; pip 3,094; Pub 10; RubyGems 833; Rust 782; Swift 34
Unreviewed advisories: All unreviewed 5,000+
21,956 advisories
Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon...
Critical | Unreviewed | CVE-2018-13898 was published May 24, 2022
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis...
Critical | Unreviewed | CVE-2018-13906 was published May 24, 2022
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for...
Critical | Unreviewed | CVE-2018-6339 was published May 24, 2022
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender...
Critical | Unreviewed | CVE-2018-6349 was published May 24, 2022
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers....
Critical | Unreviewed | CVE-2018-6350 was published May 24, 2022
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided...
Critical | Unreviewed | CVE-2018-20655 was published May 24, 2022
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies...
Critical | Unreviewed | CVE-2019-10126 was published May 24, 2022
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains...
Critical | Unreviewed | CVE-2019-2255 was published May 24, 2022
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains...
Critical | Unreviewed | CVE-2019-2256 was published May 24, 2022
Resource allocation error while playing the video whose dimensions are more than supported...
Critical | Unreviewed | CVE-2019-2259 was published May 24, 2022
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer...
Critical | Unreviewed | CVE-2019-12835 was published May 24, 2022
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports...
Critical | Unreviewed | CVE-2018-20469 was published May 24, 2022
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain...
Critical | Unreviewed | CVE-2019-12550 was published May 24, 2022
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain...
Critical | Unreviewed | CVE-2019-12549 was published May 24, 2022
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet...
Critical | Unreviewed | CVE-2019-6327 was published May 24, 2022
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides...
Critical | Unreviewed | CVE-2017-9383 was published May 24, 2022
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT...
Critical | Unreviewed | CVE-2017-9385 was published May 24, 2022
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module...
Critical | Unreviewed | CVE-2019-5016 was published May 24, 2022
OX App Suite 7.10.0 and earlier has Incorrect Access Control.
Critical | Unreviewed | CVE-2019-7158 was published May 24, 2022
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC...
Critical | Unreviewed | CVE-2019-12874 was published May 24, 2022
An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for...
Critical | Unreviewed | CVE-2018-16613 was published May 24, 2022
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to...
Critical | Unreviewed | CVE-2018-15506 was published May 24, 2022
VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an...
Critical | Unreviewed | CVE-2018-16618 was published May 24, 2022
An Insufficient Access Control vulnerability (leading to credential disclosure) in...
Critical | Unreviewed | CVE-2018-17148 was published May 24, 2022
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir...
Critical | Unreviewed | CVE-2018-17374 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API