Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

39 advisories

A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5... Critical Unreviewed
CVE-2021-42911 was published Mar 30, 2022
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker... Critical Unreviewed
CVE-2022-26674 was published Apr 23, 2022
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and... Critical Unreviewed
CVE-2021-20307 was published May 24, 2022
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as... Critical Unreviewed
CVE-2017-12588 was published May 17, 2022
CloudView NMS before 2.10a has a format string issue exploitable over SNMP. Critical Unreviewed
CVE-2016-5074 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue... Critical Unreviewed
CVE-2015-7271 was published May 17, 2022
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the... Critical Unreviewed
CVE-2020-36619 was published Dec 19, 2022
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the... Critical Unreviewed
CVE-2020-36643 was published Jan 6, 2023
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the... Critical Unreviewed
CVE-2022-4639 was published Dec 22, 2022
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash)... Critical Unreviewed
CVE-2020-27853 was published May 24, 2022
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could... Critical Unreviewed
CVE-2022-34747 was published Sep 7, 2022
A format string injection vulnerability exists in the ghome_process_control_packet functionality... Critical Unreviewed
CVE-2022-33938 was published Oct 25, 2022
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode... Critical Unreviewed
CVE-2022-35244 was published Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode... Critical Unreviewed
CVE-2022-35874 was published Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode... Critical Unreviewed
CVE-2022-35877 was published Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode... Critical Unreviewed
CVE-2022-35875 was published Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode... Critical Unreviewed
CVE-2022-35876 was published Oct 25, 2022
Remote Code Execution in Apache Dubbo Critical
CVE-2021-36161 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-17407 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16608 was published May 13, 2022
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input... Critical Unreviewed
CVE-2017-10685 was published May 13, 2022
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized... Critical Unreviewed
CVE-2018-1352 was published May 14, 2022
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a... Critical Unreviewed
CVE-2017-0898 was published May 14, 2022
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX... Critical Unreviewed
CVE-2019-6840 was published May 24, 2022
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in... Critical Unreviewed
CVE-2018-7544 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API