GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: all reviewed, 5,000+; Composer, 3,974; Erlang, 29; GitHub Actions, 16; Go, 1,762; Maven, 4,984; npm, 3,525; NuGet, 611; pip, 3,099; Pub, 10; RubyGems, 834; Rust, 785; Swift, 34.
Unreviewed advisories: all unreviewed, 5,000+.
157 advisories

CVE-2022-27529 (High, unreviewed), published Apr 19, 2022: A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may...
CVE-2022-27526 (High, unreviewed), published Apr 19, 2022: A maliciously crafted TGA file when consumed through DesignReview.exe application could lead to...
CVE-2022-22968 (High, reviewed), published Apr 15, 2022 for org.springframework:spring-context (Maven): Improper handling of case sensitivity in Spring Framework
CVE-2022-27386 (High, unreviewed), published Apr 13, 2022: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component...
CVE-2022-27382 (High, unreviewed), published Apr 13, 2022: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component...
CVE-2022-27378 (High, unreviewed), published Apr 13, 2022: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was...
CVE-2022-27387 (High, unreviewed), published Apr 13, 2022: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the...
CVE-2022-26612 (Critical, reviewed), published Apr 8, 2022 for org.apache.hadoop:hadoop-common (Maven): Path traversal in Hadoop
CVE-2018-25032 (High, reviewed), published Mar 26, 2022 for nokogiri (RubyGems): Nokogiri affected by zlib's Out-of-bounds Write vulnerability
CVE-2021-3748 (High, unreviewed), published Mar 24, 2022: A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when...
CVE-2020-36518 (High, reviewed), published Mar 12, 2022 for com.fasterxml.jackson.core:jackson-databind (Maven): Deeply nested JSON in jackson-databind
CVE-2022-26490 (High, unreviewed), published Mar 7, 2022: st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5...
CVE-2022-21824 (High, unreviewed), published Feb 25, 2022: Due to the formatting logic of the "console.table()" function it was not safe to allow user...
CVE-2022-0543 (Critical, unreviewed), published Feb 19, 2022: It was discovered that redis, a persistent key-value database, due to a packaging issue, is...
CVE-2022-24048 (High, unreviewed), published Feb 19, 2022: This vulnerability allows local attackers to escalate privileges on affected installations of...
CVE-2022-24050 (High, unreviewed), published Feb 19, 2022: This vulnerability allows local attackers to escalate privileges on affected installations of...
CVE-2022-24051 (High, unreviewed), published Feb 19, 2022: This vulnerability allows local attackers to escalate privileges on affected installations of...
CVE-2022-24052 (High, unreviewed), published Feb 19, 2022: This vulnerability allows local attackers to escalate privileges on affected installations of...
CVE-2021-22042 (High, unreviewed), published Feb 17, 2022: VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd...
CVE-2021-22050 (High, unreviewed), published Feb 17, 2022: ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor...
CVE-2021-22043 (High, unreviewed), published Feb 17, 2022: VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way...
CVE-2021-22041 (Moderate, unreviewed), published Feb 17, 2022: VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB...
CVE-2021-22040 (Moderate, unreviewed), published Feb 17, 2022: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB...
CVE-2021-4154 (High, unreviewed), published Feb 11, 2022: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux...
CVE-2021-45960 (High, unreviewed), published Feb 10, 2022: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts...
Advisories are also available from the GraphQL API.