GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
321 advisories
A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD...
High | Unreviewed | CVE-2022-20751 was published May 4, 2022
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD)...
High | Unreviewed | CVE-2022-20757 was published May 4, 2022
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0...
High | Unreviewed | CVE-2009-2726 was published May 2, 2022
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6...
High | Unreviewed | CVE-2009-2054 was published May 2, 2022
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2,...
High | Unreviewed | CVE-2008-1700 was published May 1, 2022
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to...
High | Unreviewed | CVE-2022-29701 was published Apr 28, 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP...
High | Unreviewed | CVE-2022-22278 was published Apr 28, 2022
encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large...
High | Unreviewed | CVE-2022-24675 was published Apr 21, 2022
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with...
High | Unreviewed | CVE-2022-20622 was published Apr 16, 2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using...
High | Unreviewed | CVE-2021-44502 was published Apr 16, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner...
High | Unreviewed | CVE-2017-20016 was published Mar 29, 2022
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU...
High | Unreviewed | CVE-2016-20013 was published Feb 20, 2022
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote...
High | Unreviewed | CVE-2022-23228 was published Feb 19, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor...
High | Unreviewed | CVE-2021-22050 was published Feb 17, 2022
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that...
High | Unreviewed | CVE-2021-41840 was published Feb 10, 2022
An authenticated user without any specific authorizations may be able to repeatedly invoke the...
High | Unreviewed | CVE-2021-32036 was published Feb 10, 2022
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely...
High | Unreviewed | CVE-2021-39293 was published Jan 25, 2022
There is a memory leakage vulnerability in Smartphone. Successful exploitation of this...
High | Unreviewed | CVE-2021-37111 was published Jan 4, 2022
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older...
High | Unreviewed | CVE-2021-38244 was published Dec 17, 2021
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular...
High | Unreviewed | CVE-2021-44686 was published Dec 8, 2021
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the...
High | Unreviewed | CVE-2021-29329 was published Nov 20, 2021
ProTip! Advisories are also available from the GraphQL API.