Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

310 advisories

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a... High Unreviewed
CVE-2016-4864 was published May 14, 2022
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of... High Unreviewed
CVE-2018-5207 was published May 14, 2022
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. High Unreviewed
CVE-2018-5205 was published May 14, 2022
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5... High Unreviewed
CVE-2019-7715 was published May 14, 2022
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads... High Unreviewed
CVE-2016-5716 was published May 14, 2022
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing... High Unreviewed
CVE-2018-17336 was published May 14, 2022
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0... High Unreviewed
CVE-2018-8778 was published May 13, 2022
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via ... High Unreviewed
CVE-2017-9212 was published May 13, 2022
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input... Critical Unreviewed
CVE-2017-10685 was published May 13, 2022
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior... High Unreviewed
CVE-2017-12702 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... High Unreviewed
CVE-2017-16602 was published May 13, 2022
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user... Moderate Unreviewed
CVE-2017-7519 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16608 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-17407 was published May 13, 2022
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS... High Unreviewed
CVE-2018-0175 was published May 13, 2022
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could... High Unreviewed
CVE-2018-1566 was published May 13, 2022
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information... High Unreviewed
CVE-2018-6875 was published May 13, 2022
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format... High Unreviewed
CVE-2018-12590 was published May 13, 2022
The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Moderate Unreviewed
CVE-2018-15749 was published May 13, 2022
The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to... High Unreviewed
CVE-2018-16554 was published May 13, 2022
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5... High Unreviewed
CVE-2019-7711 was published May 13, 2022
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on... High Unreviewed
CVE-2019-7712 was published May 13, 2022
Remote Code Execution in Apache Dubbo Critical
CVE-2021-36161 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Format string vulnerabilities in pancurses High
CVE-2019-15546 was published for pancurses (Rust) Aug 25, 2021
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85)... High Unreviewed
CVE-2018-1000052 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API