GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
301,203 advisories
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses...
High
Unreviewed
CVE-2008-6564 was published May 17, 2022
An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing...
High
Unreviewed
CVE-2021-21776 was published May 24, 2022
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID...
High
Unreviewed
CVE-2020-13534 was published May 24, 2022
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0...
High
Unreviewed
CVE-2021-1405 was published May 24, 2022
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause...
High
Unreviewed
CVE-2021-20285 was published May 24, 2022
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and...
Critical
Unreviewed
CVE-2021-20307 was published May 24, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different...
Moderate
Unreviewed
CVE-2020-35518 was published May 24, 2022
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2021-1281 was published May 24, 2022
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for...
High
Unreviewed
CVE-2021-1309 was published May 24, 2022
An out-of-bounds write vulnerability exists in the SGI format buffer size processing...
High
Unreviewed
CVE-2021-21782 was published May 24, 2022
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser)....
Moderate
Unreviewed
CVE-2019-2805 was published May 24, 2022
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote...
Moderate
Unreviewed
CVE-2008-6396 was published May 17, 2022
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all...
Moderate
Unreviewed
CVE-2022-1940 was published Jun 7, 2022
Failed payment recorded has completed in Silverstripe Omnipay
Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming...
Moderate
Unreviewed
CVE-2022-2758 was published Sep 1, 2022
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop...
Moderate
Unreviewed
CVE-2022-31402 was published Jun 11, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting,...
Moderate
Unreviewed
CVE-2022-30611 was published Jun 11, 2022
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or...
High
Unreviewed
CVE-2022-31649 was published Jun 10, 2022
Ill-formed headers may lead to unexpected behavior in Istio
Moderate
CVE-2022-31045 was published for istio.io/istio (Go) Jun 10, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing...
Moderate
Unreviewed
CVE-2022-30610 was published Jun 11, 2022
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to...
Low
Unreviewed
CVE-2022-22426 was published Jun 11, 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request...
High
Unreviewed
CVE-2022-22479 was published Jun 11, 2022
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.
Critical
Unreviewed
CVE-2021-41755 was published Jun 11, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client...
Critical
Unreviewed
CVE-2022-29095 was published Jun 11, 2022
ProTip! Advisories are also available from the GraphQL API.