GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,980
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,113
Pub: 10
RubyGems: 838
Rust: 787
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
51 advisories
XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate | CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate | CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate | CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

Microsoft Outlook for Mac Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-23280 was published Feb 10, 2022

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB...
Moderate | Unreviewed | CVE-2021-22040 was published Feb 17, 2022

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB...
Moderate | Unreviewed | CVE-2021-22041 was published Feb 17, 2022

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an...
Moderate | Unreviewed | CVE-2022-22276 was published Apr 28, 2022

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive...
Moderate | Unreviewed | CVE-2022-22277 was published Apr 28, 2022

Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Moderate | CVE-2022-24823 was published for io.netty:netty-codec-http (Maven) May 10, 2022

Apache Tika vulnerable to uncontrolled memory consumption
Moderate | CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022

Regular expression denial of service in apache tika
Moderate | CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur...
Moderate | Unreviewed | CVE-2020-25723 was published May 24, 2022

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs...
Moderate | Unreviewed | CVE-2021-20196 was published May 24, 2022

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to...
Moderate | Unreviewed | CVE-2021-27043 was published May 24, 2022

Regular expression denial of service in apache tika
Moderate | CVE-2022-30973 was published for org.apache.tika:tika-core (Maven) Jun 1, 2022

Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager...
Moderate | Unreviewed | CVE-2022-2221 was published Jun 28, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer)....
Moderate | Unreviewed | CVE-2022-21553 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated)....
Moderate | Unreviewed | CVE-2022-21547 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer)....
Moderate | Unreviewed | CVE-2022-21569 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer)....
Moderate | Unreviewed | CVE-2022-21556 was published Jul 20, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)....
Moderate | Unreviewed | CVE-2022-21550 was published Jul 20, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)....
Moderate | Unreviewed | CVE-2022-21519 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin)....
Moderate | Unreviewed | CVE-2022-21455 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure)....
Moderate | Unreviewed | CVE-2022-21534 was published Jul 20, 2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer)....
Moderate | Unreviewed | CVE-2022-21529 was published Jul 20, 2022

ProTip! Advisories are also available from the GraphQL API