Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,259
NuGet
760
pip
4,052
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,305 advisories

Loading
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker... Moderate Unreviewed
CVE-2021-3479 was published May 24, 2022
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An... Moderate Unreviewed
CVE-2021-3478 was published May 24, 2022
A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument... High Unreviewed
CVE-2021-28302 was published May 24, 2022
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part... Moderate Unreviewed
CVE-2021-28038 was published May 24, 2022
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net,... Moderate Unreviewed
CVE-2021-26931 was published May 24, 2022
NFStream Local Denial of Service (DoS) Moderate
CVE-2020-25340 was published for nfstream (pip) May 24, 2022
A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions... Moderate Unreviewed
CVE-2021-25666 was published May 24, 2022
An unauthenticated specially crafted packet sent by an attacker over the network will cause a... High Unreviewed
CVE-2020-24685 was published May 24, 2022
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2021-1350 was published May 24, 2022
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation... High Unreviewed
CVE-2021-25173 was published May 24, 2022
A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX... High Unreviewed
CVE-2021-0217 was published May 24, 2022
Excessive memory allocation in graph URLs leads to denial of service in Jenkins Moderate
CVE-2021-21607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in... High Unreviewed
CVE-2021-1057 was published May 24, 2022
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An... High Unreviewed
CVE-2020-9124 was published May 24, 2022
An attacker-controlled memory allocation size can be passed to the C++ new operator in the... Moderate Unreviewed
CVE-2020-5806 was published May 24, 2022
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough... High Unreviewed
CVE-2020-35359 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping... Moderate Unreviewed
CVE-2020-29570 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are... Moderate Unreviewed
CVE-2020-29568 was published May 24, 2022
An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of... Moderate Unreviewed
CVE-2020-29567 was published May 24, 2022
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback... High Unreviewed
CVE-2020-29487 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored... Moderate Unreviewed
CVE-2020-29486 was published May 24, 2022
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client... Moderate Unreviewed
CVE-2020-25652 was published May 24, 2022
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system... Moderate Unreviewed
CVE-2020-25650 was published May 24, 2022
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. High Unreviewed
CVE-2020-8037 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database