Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,447
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,459
NuGet
595
pip
2,877
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

154 advisories

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function... High Unreviewed
CVE-2021-27219 was published May 24, 2022
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid... High Unreviewed
CVE-2019-25013 was published May 24, 2022
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur... Moderate Unreviewed
CVE-2020-25723 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. Critical Unreviewed
CVE-2020-28366 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect... Critical Unreviewed
CVE-2019-18823 was published May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not... Critical Unreviewed
CVE-2022-28660 was published May 21, 2022
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to... High Unreviewed
CVE-2022-1116 was published May 18, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R)... High Unreviewed
CVE-2022-0004 was published May 13, 2022
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality.... High Unreviewed
CVE-2022-29855 was published May 12, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.... Critical Unreviewed
CVE-2022-1292 was published May 4, 2022
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an... Moderate Unreviewed
CVE-2022-22276 was published Apr 28, 2022
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive... Moderate Unreviewed
CVE-2022-22277 was published Apr 28, 2022
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ... High Unreviewed
CVE-2022-22275 was published Apr 28, 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP... High Unreviewed
CVE-2022-22278 was published Apr 28, 2022
A malicious crafted .dwf file when consumed through DesignReview.exe application could lead to... High Unreviewed
CVE-2022-27525 was published Apr 19, 2022
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to... High Unreviewed
CVE-2022-27530 was published Apr 19, 2022
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may... High Unreviewed
CVE-2022-27529 was published Apr 19, 2022
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to... High Unreviewed
CVE-2022-27526 was published Apr 19, 2022
Improper handling of case sensitivity in Spring Framework High
CVE-2022-22968 was published for org.springframework:spring-context (Maven) Apr 15, 2022
tdunlap607 amita-seal
ProTip! Advisories are also available from the GraphQL API