Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

157 advisories

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU.... Low Unreviewed
CVE-2021-3593 was published May 24, 2022
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs... Moderate Unreviewed
CVE-2021-20196 was published May 24, 2022
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If... High Unreviewed
CVE-2021-27218 was published May 24, 2022
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function... High Unreviewed
CVE-2021-27219 was published May 24, 2022
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid... High Unreviewed
CVE-2019-25013 was published May 24, 2022
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur... Moderate Unreviewed
CVE-2020-25723 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. Critical Unreviewed
CVE-2020-28366 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. Critical Unreviewed
CVE-2020-28367 was published May 24, 2022
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect... Critical Unreviewed
CVE-2019-18823 was published May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not... Critical Unreviewed
CVE-2022-28660 was published May 21, 2022
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to... High Unreviewed
CVE-2022-1116 was published May 18, 2022
Regular expression denial of service in apache tika Moderate
CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022
Apache Tika vulnerable to uncontrolled memory consumption Moderate
CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R)... High Unreviewed
CVE-2022-0004 was published May 13, 2022
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality.... High Unreviewed
CVE-2022-29855 was published May 12, 2022
Local Information Disclosure Vulnerability in io.netty:netty-codec-http Moderate
CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022
JLLeitschuh
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.... Critical Unreviewed
CVE-2022-1292 was published May 4, 2022
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an... Moderate Unreviewed
CVE-2022-22276 was published Apr 28, 2022
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive... Moderate Unreviewed
CVE-2022-22277 was published Apr 28, 2022
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ... High Unreviewed
CVE-2022-22275 was published Apr 28, 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP... High Unreviewed
CVE-2022-22278 was published Apr 28, 2022
A malicious crafted .dwf file when consumed through DesignReview.exe application could lead to... High Unreviewed
CVE-2022-27525 was published Apr 19, 2022
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to... High Unreviewed
CVE-2022-27530 was published Apr 19, 2022
ProTip! Advisories are also available from the GraphQL API