Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,375 advisories

Loading
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Critical Unreviewed
CVE-2021-38575 was published Dec 2, 2021
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST... Critical Unreviewed
CVE-2021-21950 was published Dec 9, 2021
An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST... Critical Unreviewed
CVE-2021-21951 was published Dec 9, 2021
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling... Critical Unreviewed
CVE-2021-40393 was published Dec 23, 2021
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0... Critical Unreviewed
CVE-2021-31617 was published Feb 8, 2022
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM... Critical Unreviewed
CVE-2022-24031 was published Feb 9, 2022
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via... Critical Unreviewed
CVE-2021-46461 was published Feb 15, 2022
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large... Critical Unreviewed
CVE-2021-3657 was published Feb 19, 2022
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red... Critical Unreviewed
CVE-2021-20325 was published Feb 19, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22433 was published Feb 26, 2022
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of... Critical Unreviewed
CVE-2021-22434 was published Feb 26, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22426 was published Feb 26, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22429 was published Feb 26, 2022
There is a vulnerability when configuring permission isolation in smartphones. Successful... Critical Unreviewed
CVE-2021-22431 was published Feb 26, 2022
There is a vulnerability when configuring permission isolation in smartphones. Successful... Critical Unreviewed
CVE-2021-22432 was published Feb 26, 2022
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code... Critical Unreviewed
CVE-2022-25818 was published Mar 11, 2022
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an... Critical Unreviewed
CVE-2021-39708 was published Mar 17, 2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using... Critical Unreviewed
CVE-2021-44496 was published Apr 16, 2022
In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c... Critical Unreviewed
CVE-2007-6762 was published Apr 21, 2022
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c... Critical Unreviewed
CVE-2011-5327 was published Apr 22, 2022
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn... Critical Unreviewed
CVE-2012-6712 was published Apr 23, 2022
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a... Critical Unreviewed
CVE-2005-3590 was published May 1, 2022
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have... Critical Unreviewed
CVE-2007-5199 was published May 1, 2022
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. Critical Unreviewed
CVE-2007-5341 was published May 1, 2022
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in... Critical Unreviewed
CVE-2009-5153 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database