GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,635
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
915 advisories
A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's...
Critical (Unreviewed): CVE-2020-35539 was published Oct 17, 2022

isolated-vm has vulnerable CachedDataOptions in API
Critical: CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote,...
Critical (Unreviewed): CVE-2022-28811 was published Sep 29, 2022

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote...
Critical (Unreviewed): CVE-2022-3075 was published Sep 27, 2022

In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could...
Critical (Unreviewed): CVE-2022-26447 was published Sep 7, 2022

Remote code execution in Apache Flume
Critical: CVE-2022-34916 was published for org.apache.flume.flume-ng-sources:flume-jms-source (Maven) Aug 22, 2022

Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio...
Critical (Unreviewed): CVE-2021-22289 was published Aug 12, 2022

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter
Critical: CVE-2022-35942 was published for loopback-connector-postgresql (npm) Aug 11, 2022

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
Critical (Unreviewed): CVE-2022-20842 was published Aug 11, 2022

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
Critical (Unreviewed): CVE-2022-20841 was published Aug 11, 2022

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to...
Critical (Unreviewed): CVE-2022-26376 was published Aug 6, 2022

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision...
Critical (Unreviewed): CVE-2022-27631 was published Aug 6, 2022

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022...
Critical (Unreviewed): CVE-2022-28665 was published Aug 6, 2022

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022...
Critical (Unreviewed): CVE-2022-28664 was published Aug 6, 2022

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical: CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a...
Critical (Unreviewed): CVE-2022-27255 was published Aug 2, 2022

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation,...
Critical (Unreviewed): CVE-2022-31321 was published Aug 2, 2022

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution...
Critical (Unreviewed): CVE-2022-36450 was published Jul 26, 2022

Moodle PostScript Code Injection
Critical: CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, ...
Critical (Unreviewed): CVE-2020-29507 was published Jul 12, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ...
Critical (Unreviewed): CVE-2020-29508 was published Jul 12, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ...
Critical (Unreviewed): CVE-2020-35169 was published Jul 12, 2022

A data removal vulnerability exists in the web_server /action/remove/ API functionality of...
Critical (Unreviewed): CVE-2022-28127 was published Jul 1, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be...
Critical (Unreviewed): CVE-2022-32534 was published Jun 24, 2022

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the...
Critical (Unreviewed): CVE-2022-33754 was published Jun 17, 2022
ProTip! Advisories are also available from the GraphQL API