GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem):
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,750
Maven: 5,000+
npm: 4,353
NuGet: 765
pip: 4,114
Pub: 12
RubyGems: 960
Rust: 1,069
Swift: 45

Unreviewed advisories:
All unreviewed: 5,000+ (305,616 advisories in total)
CVE-2023-2088 (Moderate, unreviewed), published May 12, 2023: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be...
CVE-2022-37704 (Moderate, unreviewed), published Apr 16, 2023: Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary...
CVE-2022-26125 (High, unreviewed), published Mar 4, 2022: Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input...
CVE-2016-3709 (Moderate, unreviewed), published Jul 29, 2022: Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
CVE-2022-26128 (High, unreviewed), published Mar 4, 2022: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the...
CVE-2021-43301 (Critical, unreviewed), published Feb 17, 2022: Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled ...
CVE-2021-43300 (Critical, unreviewed), published Feb 17, 2022: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename'...
CVE-2022-26127 (High, unreviewed), published Mar 4, 2022: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the...
CVE-2021-43299 (Critical, unreviewed), published Feb 17, 2022: Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename'...
CVE-2021-3658 (Moderate, unreviewed), published Mar 4, 2022: bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered...
CVE-2022-0204 (High, unreviewed), published Mar 11, 2022: A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with...
CVE-2021-43400 (Critical, unreviewed), published May 24, 2022: An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a...
CVE-2019-1387 (Moderate, unreviewed), published May 24, 2022: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2,...
CVE-2017-9798 (High, unreviewed), published May 13, 2022: Apache httpd allows remote attackers to read secret data from process memory if the Limit...
CVE-2017-3167 (Critical, unreviewed), published May 13, 2022: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by...
CVE-2015-7928 (High, unreviewed), published May 17, 2022: eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password...
CVE-2023-49735 (High) for org.apache.struts:struts-tiles (Maven), published Dec 1, 2023: Apache Tiles: Unvalidated input may lead to path traversal and XXE
CVE-2025-62727 (High) for starlette (pip), published Oct 28, 2025: Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
CVE-2025-12695 (Moderate) for dspy (pip), published Nov 4, 2025: DSPy does not properly restrict file reads
CVE-2025-46556 (Moderate) for mantisbt/mantisbt (Composer), published Nov 3, 2025: MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
CVE-2025-27111 (Moderate) for rack (RubyGems), published Mar 4, 2025: Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
CVE-2024-55565 (Moderate) for nanoid (npm), published Dec 9, 2024: Predictable results in nanoid generation when given non-integer values
CVE-2024-52804 (High) for tornado (pip), published Nov 22, 2024: Tornado has an HTTP cookie parsing DoS vulnerability
CVE-2024-50336 (Moderate) for matrix-js-sdk (npm), published Nov 12, 2024: matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
CVE-2024-47072 (High) for com.thoughtworks.xstream:xstream (Maven), published Nov 7, 2024: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
Advisories are also available from the GraphQL API.