GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
65 advisories
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will...
High · Unreviewed · CVE-2023-1668 was published Apr 11, 2023

Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2...
Moderate · Unreviewed · CVE-2022-26841 was published Feb 16, 2023

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools...
High · Unreviewed · CVE-2022-27808 was published Feb 16, 2023

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before...
High · Unreviewed · CVE-2022-36278 was published Feb 16, 2023

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a...
High · Unreviewed · CVE-2023-20915 was published Jan 26, 2023

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically...
High · Unreviewed · CVE-2023-20921 was published Jan 26, 2023

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Moderate · CVE-2022-41884 was published for tensorflow (pip) Nov 21, 2022

Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Moderate · CVE-2022-39354 was published for evm (Rust) Oct 25, 2022

Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Moderate · CVE-2022-35917 was published for @solana/pay (npm) Aug 6, 2022

Incorrect handling of invalid surrogate pair characters
High · CVE-2022-31116 was published for ujson (pip) Jul 5, 2022

Multiple evaluation of contract address in call in vyper
High · CVE-2022-29255 was published for vyper (pip) Jun 6, 2022

bson-objectid contains Improper input validation
High · CVE-2019-19729 was published for bson-objectid (npm) May 24, 2022

** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency,...
Moderate · Unreviewed · CVE-2021-43979 was published May 24, 2022

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco...
High · Unreviewed · CVE-2021-34767 was published May 24, 2022

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state...
High · Unreviewed · CVE-2021-0517 was published May 24, 2022

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks...
Moderate · Unreviewed · CVE-2021-0273 was published May 24, 2022

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left...
High · Unreviewed · CVE-2020-36277 was published May 24, 2022

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine...
Moderate · Unreviewed · CVE-2021-1236 was published May 24, 2022

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security...
Moderate · Unreviewed · CVE-2021-3011 was published May 24, 2022

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one...
Moderate · Unreviewed · CVE-2020-35477 was published May 24, 2022

Always-Incorrect Control Flow Implementation in Facebook Hermes
Critical · CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022

Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM)...
Moderate · Unreviewed · CVE-2020-8671 was published May 24, 2022

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource...
Moderate · Unreviewed · CVE-2020-25598 was published May 24, 2022

An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing...
High · Unreviewed · CVE-2020-25603 was published May 24, 2022

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non...
Moderate · Unreviewed · CVE-2020-5753 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.