GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,974
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,984
npm: 3,525
NuGet: 611
pip: 3,099
Pub: 10
RubyGems: 834
Rust: 785
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
157 advisories
Grafana User enumeration via forget password
Moderate: CVE-2022-39307 was published for github.com/grafana/grafana (Go) on May 14, 2024

Grafana Email addresses and usernames can not be trusted
Moderate: CVE-2022-39306 was published for github.com/grafana/grafana (Go) on May 14, 2024

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer...
High, Unreviewed: CVE-2024-2961 was published on Apr 17, 2024

JSZip contains Path Traversal via loadAsync
High: CVE-2022-48285 was published for jszip (npm) on Jan 29, 2023

Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High: CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) on Nov 28, 2023

golang.org/x/net/http2 Denial of Service vulnerability
High: CVE-2022-27664 was published for golang.org/x/net (Go) on Sep 7, 2022

golang.org/x/net/http vulnerable to a reset flood
High: CVE-2019-9514 was published for golang.org/x/net (Go) on May 24, 2022

golang.org/x/net/http vulnerable to ping floods
High: CVE-2019-9512 was published for golang.org/x/net (Go) on May 24, 2022

Improper handling of case sensitivity in Spring Framework
High: CVE-2022-22968 was published for org.springframework:spring-context (Maven) on Apr 15, 2022

Grafana Forward OAuth Identity Token can allow users to access some data sources
Low: CVE-2022-21673 was published for github.com/grafana/grafana (Go) on May 14, 2024

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in...
Critical, Unreviewed: CVE-2022-36648 was published on Aug 22, 2023

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially...
High, Unreviewed: CVE-2022-4139 was published on Jul 6, 2023

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4...
High, Unreviewed: CVE-2022-33179 was published on Jul 6, 2023

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when...
High, Unreviewed: CVE-2022-27778 was published on Jun 3, 2022

A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow...
Unknown, Unreviewed: CVE-2022-23085 was published on Feb 15, 2024

Deeply nested json in jackson-databind
High: CVE-2020-36518 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Mar 12, 2022

Uncontrolled Resource Consumption in Jackson-databind
High: CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Oct 3, 2022

Arbitrary code execution in Apache Commons Text
Critical: CVE-2022-42889 was published for com.guicedee.services:commons-text (Maven) on Oct 13, 2022

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly...
High, Unreviewed: CVE-2022-48502 was published on May 31, 2023

Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow...
Moderate, Unreviewed: CVE-2023-28870 was published on Dec 9, 2023

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead...
High, Unreviewed: CVE-2022-2601 was published on Dec 14, 2022

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid...
High, Unreviewed: CVE-2019-25013 was published on May 24, 2022
ProTip! Advisories are also available from the GraphQL API