GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,363
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23,685 advisories
Filter by severity
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory...
Critical
Unreviewed
CVE-2021-3420
was published
May 24, 2022
Token leases could outlive their TTL in HashiCorp Vault
Critical
CVE-2020-25816
was published
for
github.com/hashicorp/vault
(Go)
May 24, 2022
Ansible Code Injection Vulnerability
Critical
CVE-2014-4678
was published
for
ansible
(pip)
May 24, 2022
Pebble Templates Improper Input Validation vulnerability
Critical
CVE-2019-19899
was published
for
io.pebbletemplates:pebble-project
(Maven)
May 24, 2022
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
Critical
Unreviewed
CVE-2019-1384
was published
May 24, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function...
Critical
Unreviewed
CVE-2019-17211
was published
May 24, 2022
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Critical
Unreviewed
CVE-2013-2260
was published
May 24, 2022
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware...
Critical
Unreviewed
CVE-2019-5490
was published
May 24, 2022
Numpy Deserialization of Untrusted Data
Critical
CVE-2019-6446
was published
for
numpy
(pip)
May 24, 2022
Magento 2 Community Edition SQLi Vulnerability
Critical
CVE-2019-7139
was published
for
magento/community-edition
(Composer)
May 24, 2022
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Critical
Unreviewed
CVE-2019-5481
was published
May 24, 2022
Deserialization of Untrusted Data in Apache Tapestry
Critical
CVE-2019-0195
was published
for
org.apache.tapestry:tapestry-core
(Maven)
May 24, 2022
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress...
Critical
Unreviewed
CVE-2019-16119
was published
May 24, 2022
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net...
Critical
Unreviewed
CVE-2019-15937
was published
May 24, 2022
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs...
Critical
Unreviewed
CVE-2019-15938
was published
May 24, 2022
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated,...
Critical
Unreviewed
CVE-2019-14222
was published
May 24, 2022
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data...
Critical
Unreviewed
CVE-2018-11569
was published
May 24, 2022
The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
Critical
Unreviewed
CVE-2019-15111
was published
May 24, 2022
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
Critical
Unreviewed
CVE-2016-10909
was published
May 24, 2022
aubio 0.4.8 and earlier is affected by: Buffer Overflow. The impact is: buffer overflow in strcpy...
Critical
Unreviewed
CVE-2019-1010223
was published
May 24, 2022
Possible buffer overflow while processing the high level lim process action frame due to improper...
Critical
Unreviewed
CVE-2019-2269
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API