GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
177 advisories
Filter by severity
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability...
High
Unreviewed
CVE-2024-6145
was published
Jun 19, 2024
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that...
High
Unreviewed
CVE-2020-36323
was published
May 24, 2022
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for...
High
Unreviewed
CVE-2022-26941
was published
Oct 19, 2023
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within...
High
Unreviewed
CVE-2023-41349
was published
Sep 18, 2023
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2...
High
Unreviewed
CVE-2023-33011
was published
Jul 17, 2023
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4,...
High
Unreviewed
CVE-2022-43953
was published
Jun 13, 2023
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May...
High
Unreviewed
CVE-2023-21497
was published
May 4, 2023
A valid, authenticated user may be able to trigger a denial of service of the XCC web user...
High
Unreviewed
CVE-2023-25492
was published
May 1, 2023
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
High
Unreviewed
CVE-2016-10773
was published
May 24, 2022
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows...
High
Unreviewed
CVE-2018-14713
was published
May 24, 2022
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core...
High
Unreviewed
CVE-2014-6262
was published
May 17, 2022
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code...
High
Unreviewed
CVE-2021-35331
was published
May 24, 2022
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused...
High
Unreviewed
CVE-2023-39238
was published
Sep 7, 2023
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API....
High
Unreviewed
CVE-2023-39240
was published
Sep 7, 2023
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This...
High
Unreviewed
CVE-2023-35086
was published
Jul 21, 2023
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This...
High
Unreviewed
CVE-2023-39239
was published
Sep 7, 2023
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0...
High
Unreviewed
CVE-2023-29181
was published
Feb 22, 2024
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP...
High
Unreviewed
CVE-2023-6764
was published
Feb 20, 2024
A format string issue in the Controller 6000's optional diagnostic web interface can be used...
High
Unreviewed
CVE-2023-24590
was published
Dec 19, 2023
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4,...
High
Unreviewed
CVE-2023-36639
was published
Dec 13, 2023
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519...
High
Unreviewed
CVE-2023-4746
was published
Sep 4, 2023
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
A format string vulnerability was found in libinput
High
Unreviewed
CVE-2022-1215
was published
Jun 3, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via...
High
Unreviewed
CVE-2022-3724
was published
Dec 9, 2022
ProTip!
Advisories are also available from the
GraphQL API