GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,426
Erlang: 29
GitHub Actions: 16
Go: 1,653
Maven: 4,915
npm: 3,442
NuGet: 594
pip: 2,832
Pub: 10
RubyGems: 823
Rust: 763
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
25 advisories
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles...
Moderate, Unreviewed. CVE-2017-7495 was published May 17, 2022

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations...
High, Unreviewed. CVE-2016-10088 was published May 14, 2022

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the...
Moderate, Unreviewed. CVE-2016-7042 was published May 14, 2022

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a...
Moderate, Unreviewed. CVE-2016-7097 was published May 14, 2022

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local...
Moderate, Unreviewed. CVE-2016-8645 was published May 14, 2022

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel...
High, Unreviewed. CVE-2016-9806 was published May 14, 2022

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not...
High, Unreviewed. CVE-2016-9576 was published May 14, 2022

Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1...
Moderate, Unreviewed. CVE-2016-9685 was published May 14, 2022

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79...
Moderate, Unreviewed. CVE-2017-6951 was published May 14, 2022

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users...
High, Unreviewed. CVE-2017-7187 was published May 14, 2022

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local...
High, Unreviewed. CVE-2017-7533 was published May 14, 2022

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type...
High, Unreviewed. CVE-2017-8797 was published May 14, 2022

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to...
High, Unreviewed. CVE-2017-6001 was published May 14, 2022

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4...
High, Unreviewed. CVE-2017-8890 was published May 14, 2022

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that...
High, Unreviewed. CVE-2017-9074 was published May 14, 2022

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1...
High, Unreviewed. CVE-2017-9077 was published May 13, 2022

The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1...
High, Unreviewed. CVE-2017-9076 was published May 13, 2022

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1...
High, Unreviewed. CVE-2017-9075 was published May 13, 2022

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9...
High, Unreviewed. CVE-2017-5970 was published May 13, 2022

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in...
Moderate, Unreviewed. CVE-2017-2671 was published May 13, 2022

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an...
Moderate, Unreviewed. CVE-2016-9604 was published May 13, 2022

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb...
High, Unreviewed. CVE-2017-2669 was published May 13, 2022

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5...
Moderate, Unreviewed. CVE-2015-8839 was published May 13, 2022

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the...
High, Unreviewed. CVE-2017-7889 was published May 13, 2022

Improper Input Validation in async-http-client
High. CVE-2017-14063 was published for org.asynchttpclient:async-http-client (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API