GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,040 advisories
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU...
    High, Unreviewed. CVE-2022-30780 was published Jun 12, 2022
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1...
    High, Unreviewed. CVE-2017-11530 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue...
    High, Unreviewed. CVE-2017-7007 was published May 17, 2022
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
    High, Unreviewed. CVE-2017-1000064 was published May 17, 2022
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR...
    Moderate, Unreviewed. CVE-2021-26260 was published May 24, 2022
The Rating by BestWebSoft WordPress plugin through 1.5 does not validate the submitted rating,...
    Moderate, Unreviewed. CVE-2021-25121 was published Jun 21, 2022
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1...
    High, Unreviewed. CVE-2017-11526 was published May 17, 2022
On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port...
    Moderate, Unreviewed. CVE-2021-0257 was published May 24, 2022
Uncontrolled Resource Consumption in fast-string-search
    High. CVE-2022-22138 was published for fast-string-search (npm) Jun 18, 2022
The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory...
    High, Unreviewed. CVE-2016-9643 was published May 17, 2022
The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red...
    Moderate, Unreviewed. CVE-2016-6312 was published May 17, 2022
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR...
    Moderate, Unreviewed. CVE-2021-23215 was published May 24, 2022
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An...
    Moderate, Unreviewed. CVE-2021-3478 was published May 24, 2022
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1...
    High, Unreviewed. CVE-2017-11527 was published May 17, 2022
KubeEdge Cloud AdmissionController component DoS
    Moderate. CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of...
    Moderate, Unreviewed. CVE-2022-20425 was published Oct 12, 2022
Regular expression denial of service in react-native
    High. CVE-2020-1920 was published for react-native (npm) Jul 20, 2021
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing...
    High, Unreviewed. CVE-2021-24893 was published Jan 4, 2022
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an...
    Moderate, Unreviewed. CVE-2017-0886 was published May 13, 2022
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows...
    Moderate, Unreviewed. CVE-2022-30791 was published Jul 12, 2022
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker...
    Moderate, Unreviewed. CVE-2021-3479 was published May 24, 2022
The simplepush server iterates through the application installations and pushes a notification to...
    High, Unreviewed. CVE-2014-3648 was published Jul 2, 2022
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections...
    Moderate, Unreviewed. CVE-2022-31803 was published Jun 25, 2022
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption...
    Moderate, Unreviewed. CVE-2022-30792 was published Jul 12, 2022
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
    High, Unreviewed. CVE-2022-32263 was published Jul 18, 2022
ProTip! Advisories are also available from the GraphQL API.