GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
157 advisories
Filter by severity
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could...
High
Unreviewed
CVE-2022-42943
was published
Oct 21, 2022
A vulnerability was found in vim and classified as problematic. Affected by this issue is the...
High
Unreviewed
CVE-2022-3705
was published
Oct 27, 2022
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM...
High
Unreviewed
CVE-2022-29277
was published
Nov 16, 2022
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19...
High
Unreviewed
CVE-2022-43548
was published
Dec 6, 2022
HAProxyMessageDecoder Stack Exhaustion DoS
Moderate
CVE-2022-41881
was published
for
io.netty:netty-codec-haproxy
(Maven)
Dec 12, 2022
Netty vulnerable to HTTP Response splitting from assigning header value iterator
Moderate
CVE-2022-41915
was published
for
io.netty:netty-codec-http
(Maven)
Dec 12, 2022
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead...
High
Unreviewed
CVE-2022-2601
was published
Dec 14, 2022
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to...
High
Unreviewed
CVE-2022-46334
was published
Dec 21, 2022
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer...
High
Unreviewed
CVE-2022-48281
was published
Jan 23, 2023
JSZip contains Path Traversal via loadAsync
High
CVE-2022-48285
was published
for
jszip
(npm)
Jan 29, 2023
Kubernetes vulnerable to path traversal
Moderate
CVE-2022-3162
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and...
Moderate
Unreviewed
CVE-2022-3857
was published
Mar 7, 2023
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in...
Moderate
Unreviewed
CVE-2023-1203
was published
Mar 10, 2023
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator...
Moderate
Unreviewed
CVE-2022-47924
was published
Mar 27, 2023
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0...
Moderate
Unreviewed
CVE-2022-47925
was published
Mar 27, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2022-28644
was published
Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2022-28643
was published
Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
High
Unreviewed
CVE-2022-28642
was published
Mar 29, 2023
This vulnerability allows remote attackers to disclose sensitive information on affected...
Moderate
Unreviewed
CVE-2022-28645
was published
Mar 29, 2023
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly...
High
Unreviewed
CVE-2022-48502
was published
May 31, 2023
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4...
High
Unreviewed
CVE-2022-33179
was published
Jul 6, 2023
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially...
High
Unreviewed
CVE-2022-4139
was published
Jul 6, 2023
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in...
Critical
Unreviewed
CVE-2022-36648
was published
Aug 22, 2023
ProTip!
Advisories are also available from the
GraphQL API