Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

807 advisories

Loading
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute... Critical Unreviewed
CVE-2023-31039 was published Jul 6, 2023
Apache StreamPark Improper Input Validation vulnerability Critical
CVE-2022-46365 was published for org.apache.streampark:streampark (Maven) Jul 6, 2023
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform... Critical Unreviewed
CVE-2023-22581 was published Jul 6, 2023
Weak Configuration due to improper input validation in Modem while processing LTE security mode... Critical Unreviewed
CVE-2023-21631 was published Jul 4, 2023
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that... Critical Unreviewed
CVE-2023-28324 was published Jul 1, 2023
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2023-20105 was published Jun 28, 2023
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2023-20192 was published Jun 28, 2023
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to... Critical Unreviewed
CVE-2023-21516 was published May 27, 2023
Ckan remote code execution and private information access via crafted resource ids Critical
CVE-2023-32321 was published for ckan (pip) May 24, 2023
YoloClin
Apache Sling Commons JSON bundle vulnerable to Improper Input Validation Critical
CVE-2022-47937 was published for org.apache.sling:org.apache.sling.commons.json (Maven) May 15, 2023
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially... Critical Unreviewed
CVE-2021-46762 was published May 9, 2023
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker... Critical Unreviewed
CVE-2021-46754 was published May 9, 2023
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor)... Critical Unreviewed
CVE-2021-46756 was published May 9, 2023
Django bypasses validation when using one form field to upload multiple files Critical
CVE-2023-31047 was published for Django (pip) May 7, 2023
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR... Critical Unreviewed
CVE-2023-21504 was published May 4, 2023
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior... Critical Unreviewed
CVE-2023-21503 was published May 4, 2023
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband... Critical Unreviewed
CVE-2023-21494 was published May 4, 2023
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state... Critical Unreviewed
CVE-2022-29606 was published Apr 20, 2023
memory corruption in modem due to improper check while calculating size of serialized CoAP message Critical Unreviewed
CVE-2022-33211 was published Apr 13, 2023
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). Critical Unreviewed
CVE-2023-26068 was published Apr 10, 2023
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). Critical Unreviewed
CVE-2023-26070 was published Apr 10, 2023
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). Critical Unreviewed
CVE-2023-26069 was published Apr 10, 2023
CairoSVG improperly processes SVG files loaded from external resources Critical
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
Apache Airflow Sqoop Provider Improper Input Validation vulnerability Critical
CVE-2023-25693 was published for apache-airflow-providers-apache-sqoop (pip) Feb 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database