GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
706 advisories
Microsoft Outlook Remote Code Execution Vulnerability
Critical
Unreviewed
CVE-2024-21413
was published
Feb 13, 2024
U-Boot vulnerability resulting in persistent Code Execution
Critical
Unreviewed
CVE-2023-48425
was published
Dec 11, 2023
Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve...
Critical
Unreviewed
CVE-2025-41377
was published
May 23, 2025
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Critical
Unreviewed
CVE-2017-12652
was published
May 24, 2022
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on...
Critical
Unreviewed
CVE-2023-45161
was published
Nov 6, 2023
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on...
Critical
Unreviewed
CVE-2023-45163
was published
Nov 6, 2023
The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack...
Critical
Unreviewed
CVE-2023-5964
was published
Nov 6, 2023
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical
Unreviewed
CVE-2025-43560
was published
May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical
Unreviewed
CVE-2025-43559
was published
May 13, 2025
Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that...
Critical
Unreviewed
CVE-2025-1087
was published
May 9, 2025
Multipart-file uploads call variables to be improperly registered in the global scope. In cases...
Critical
Unreviewed
CVE-2018-6334
was published
May 13, 2022
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on...
Critical
Unreviewed
CVE-2018-9866
was published
May 13, 2022
In wlan service, there is a possible out of bounds write due to improper input validation. This...
Critical
Unreviewed
CVE-2024-20017
was published
Mar 4, 2024
iTerm2 before 3.4.18 mishandles a DECRQSS response.
Critical
Unreviewed
CVE-2022-45872
was published
Nov 24, 2022
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform...
Critical
Unreviewed
CVE-2022-36784
was published
Jul 6, 2023
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote...
Critical
Unreviewed
CVE-2024-0864
was published
Feb 29, 2024
An issue existed in the parsing of URLs. This issue was addressed with improved input validation....
Critical
Unreviewed
CVE-2022-42837
was published
Dec 15, 2022
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to...
Critical
Unreviewed
CVE-2017-3191
was published
May 13, 2022
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical
Unreviewed
CVE-2017-16845
was published
May 13, 2022
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx...
Critical
Unreviewed
CVE-2017-12367
was published
May 13, 2022
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a...
Critical
Unreviewed
CVE-2017-6315
was published
May 17, 2022
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x...
Critical
Unreviewed
CVE-2017-9800
was published
May 13, 2022
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote...
Critical
Unreviewed
CVE-2015-7705
was published
May 13, 2022
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote...
Critical
Unreviewed
CVE-2017-11394
was published
May 17, 2022
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux...
Critical
Unreviewed
CVE-2017-9811
was published
May 17, 2022