GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
498 advisories
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc...
Critical, Unreviewed. CVE-2019-9631 was published May 13, 2022

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers...
Critical, Unreviewed. CVE-2018-18313 was published May 13, 2022

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a...
Critical, Unreviewed. CVE-2015-8608 was published May 13, 2022

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper...
Critical, Unreviewed. CVE-2019-8266 was published May 13, 2022

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in...
Critical, Unreviewed. CVE-2017-7544 was published May 13, 2022

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a...
Critical, Unreviewed. CVE-2017-16548 was published May 13, 2022

The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to...
Critical, Unreviewed. CVE-2017-5545 was published May 13, 2022

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers...
Critical, Unreviewed. CVE-2017-5209 was published May 13, 2022

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device...
Critical, Unreviewed. CVE-2019-6522 was published May 13, 2022

The implementations of streams for bz2 and php://output improperly implemented their readImpl...
Critical, Unreviewed. CVE-2019-3557 was published May 13, 2022

LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds read vulnerabilities, which...
Critical, Unreviewed. CVE-2018-17895 was published May 13, 2022

Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified...
Critical, Unreviewed. CVE-2018-14819 was published May 13, 2022

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco,...
Critical, Unreviewed. CVE-2018-14790 was published May 13, 2022

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read...
Critical, Unreviewed. CVE-2018-10623 was published May 13, 2022

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS...
Critical, Unreviewed. CVE-2018-0310 was published May 13, 2022

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS...
Critical, Unreviewed. CVE-2018-0304 was published May 13, 2022

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The...
Critical, Unreviewed. CVE-2017-9283 was published May 13, 2022

A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx...
Critical, Unreviewed. CVE-2017-12369 was published May 13, 2022

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow...
Critical, Unreviewed. CVE-2016-8620 was published May 13, 2022

An information disclosure vulnerability in the Android media framework (n/a). Product: Android....
Critical, Unreviewed. CVE-2017-0854 was published May 13, 2022

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop...
Critical, Unreviewed. CVE-2017-1000173 was published May 13, 2022

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other...
Critical, Unreviewed. CVE-2017-10989 was published May 13, 2022

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers...
Critical, Unreviewed. CVE-2017-11147 was published May 13, 2022

tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
Critical, Unreviewed. CVE-2017-11542 was published May 13, 2022

tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c,...
Critical, Unreviewed. CVE-2017-11541 was published May 13, 2022

Advisories are also available from the GraphQL API.