GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
154 advisories
XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate
CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate
CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers...
High, Unreviewed
CVE-2022-0270 was published Jan 26, 2022

A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and...
High, Unreviewed
CVE-2021-40167 was published Jan 26, 2022

Microsoft Outlook for Mac Security Feature Bypass Vulnerability.
Moderate, Unreviewed
CVE-2022-23280 was published Feb 10, 2022

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts...
High, Unreviewed
CVE-2021-45960 was published Feb 10, 2022

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux...
High, Unreviewed
CVE-2021-4154 was published Feb 11, 2022

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd...
High, Unreviewed
CVE-2021-22042 was published Feb 17, 2022

ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor...
High, Unreviewed
CVE-2021-22050 was published Feb 17, 2022

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way...
High, Unreviewed
CVE-2021-22043 was published Feb 17, 2022

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB...
Moderate, Unreviewed
CVE-2021-22041 was published Feb 17, 2022

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB...
Moderate, Unreviewed
CVE-2021-22040 was published Feb 17, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of...
High, Unreviewed
CVE-2022-24052 was published Feb 19, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of...
High, Unreviewed
CVE-2022-24050 was published Feb 19, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of...
High, Unreviewed
CVE-2022-24051 was published Feb 19, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of...
High, Unreviewed
CVE-2022-24048 was published Feb 19, 2022

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is...
Critical, Unreviewed
CVE-2022-0543 was published Feb 19, 2022

Due to the formatting logic of the "console.table()" function it was not safe to allow user...
High, Unreviewed
CVE-2022-21824 was published Feb 25, 2022

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5...
High, Unreviewed
CVE-2022-26490 was published Mar 7, 2022

Deeply nested json in jackson-databind
High
CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Mar 12, 2022

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when...
High, Unreviewed
CVE-2021-3748 was published Mar 24, 2022

Nokogiri affected by zlib's Out-of-bounds Write vulnerability
High
CVE-2018-25032 was published for nokogiri (RubyGems) Mar 26, 2022

Path traversal in Hadoop
Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022