GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,447
Erlang: 29
GitHub Actions: 16
Go: 1,669
Maven: 4,929
npm: 3,459
NuGet: 595
pip: 2,877
Pub: 10
RubyGems: 824
Rust: 767
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
154 advisories
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function...
High | Unreviewed | CVE-2021-27219 was published May 24, 2022

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid...
High | Unreviewed | CVE-2019-25013 was published May 24, 2022

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur...
Moderate | Unreviewed | CVE-2020-25723 was published May 24, 2022

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
Critical | Unreviewed | CVE-2020-28366 was published May 24, 2022

Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
Critical | Unreviewed | CVE-2020-28367 was published May 24, 2022

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect...
Critical | Unreviewed | CVE-2019-18823 was published May 24, 2022

golang.org/x/net/http vulnerable to a reset flood
High | CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022

golang.org/x/net/http vulnerable to ping floods
High | CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not...
Critical | Unreviewed | CVE-2022-28660 was published May 21, 2022

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to...
High | Unreviewed | CVE-2022-1116 was published May 18, 2022

Regular expression denial of service in apache tika
Moderate | CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022

Apache Tika vulnerable to uncontrolled memory consumption
Moderate | CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022

Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R)...
High | Unreviewed | CVE-2022-0004 was published May 13, 2022

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality....
High | Unreviewed | CVE-2022-29855 was published May 12, 2022

Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate | CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....
Critical | Unreviewed | CVE-2022-1292 was published May 4, 2022

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an...
Moderate | Unreviewed | CVE-2022-22276 was published Apr 28, 2022

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive...
Moderate | Unreviewed | CVE-2022-22277 was published Apr 28, 2022

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ...
High | Unreviewed | CVE-2022-22275 was published Apr 28, 2022

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP...
High | Unreviewed | CVE-2022-22278 was published Apr 28, 2022

A malicious crafted .dwf file when consumed through DesignReview.exe application could lead to...
High | Unreviewed | CVE-2022-27525 was published Apr 19, 2022

A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to...
High | Unreviewed | CVE-2022-27530 was published Apr 19, 2022

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may...
High | Unreviewed | CVE-2022-27529 was published Apr 19, 2022

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to...
High | Unreviewed | CVE-2022-27526 was published Apr 19, 2022

Improper handling of case sensitivity in Spring Framework
High | CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
ProTip! Advisories are also available from the GraphQL API.