GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
51 advisories
Grafana Email addresses and usernames can not be trusted
Moderate | CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024

Grafana User enumeration via forget password
Moderate | CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024

Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow...
Moderate | Unreviewed | CVE-2023-28870 was published Dec 9, 2023

XSS in the `of` option of the `.position()` util in jquery-ui
Moderate | CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an...
Moderate | Unreviewed | CVE-2022-22483 was published Sep 14, 2022

XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate | CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate | CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021

Regular expression denial of service in apache tika
Moderate | CVE-2022-30126 was published for org.apache.tika:tika (Maven) May 17, 2022

Regular expression denial of service in apache tika
Moderate | CVE-2022-30973 was published for org.apache.tika:tika-core (Maven) Jun 1, 2022

Microsoft Outlook for Mac Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-23280 was published Feb 10, 2022

Kubernetes vulnerable to path traversal
Moderate | CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023

This vulnerability allows remote attackers to disclose sensitive information on affected...
Moderate | Unreviewed | CVE-2022-28645 was published Mar 29, 2023

A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and...
Moderate | Unreviewed | CVE-2022-3857 was published Mar 7, 2023

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0...
Moderate | Unreviewed | CVE-2022-47925 was published Mar 27, 2023

An high privileged attacker may pass crafted arguments to the validate function of csaf-validator...
Moderate | Unreviewed | CVE-2022-47924 was published Mar 27, 2023

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in...
Moderate | Unreviewed | CVE-2023-1203 was published Mar 10, 2023

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB...
Moderate | Unreviewed | CVE-2021-22040 was published Feb 17, 2022

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB...
Moderate | Unreviewed | CVE-2021-22041 was published Feb 17, 2022

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur...
Moderate | Unreviewed | CVE-2020-25723 was published May 24, 2022

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs...
Moderate | Unreviewed | CVE-2021-20196 was published May 24, 2022

Apache Tika vulnerable to uncontrolled memory consumption
Moderate | CVE-2022-25169 was published for org.apache.tika:tika (Maven) May 17, 2022

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to...
Moderate | Unreviewed | CVE-2021-27043 was published May 24, 2022

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an...
Moderate | Unreviewed | CVE-2022-22276 was published Apr 28, 2022

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive...
Moderate | Unreviewed | CVE-2022-22277 was published Apr 28, 2022

HAProxyMessageDecoder Stack Exhaustion DoS
Moderate | CVE-2022-41881 was published for io.netty:netty-codec-haproxy (Maven) Dec 12, 2022

ProTip! Advisories are also available from the GraphQL API.