Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

233,403 advisories

Loading
Improper Input Validation in yargs-parser Moderate Unreviewed
GHSA-ghmj-crg5-xw2j was published Feb 15, 2022
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ... Moderate Unreviewed
CVE-2020-0905 was published May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an... High Unreviewed
CVE-2021-33056 was published May 24, 2022
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to... Moderate Unreviewed
CVE-2021-37352 was published May 24, 2022
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0... High Unreviewed
CVE-2020-12109 was published May 24, 2022
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory... Low Unreviewed
CVE-2023-20528 was published Jan 11, 2023
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with... High Unreviewed
CVE-2022-42276 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a... High Unreviewed
CVE-2022-42273 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a... High Unreviewed
CVE-2022-42272 was published Jan 13, 2023
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)... High Unreviewed
CVE-2022-3841 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42290 was published Jan 13, 2023
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted... Moderate Unreviewed
CVE-2019-20021 was published May 24, 2022
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95.... Moderate Unreviewed
CVE-2019-20051 was published May 24, 2022
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by... Low Unreviewed
CVE-2020-12872 was published May 24, 2022
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0... Moderate Unreviewed
CVE-2019-9892 was published May 24, 2022
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to... Moderate Unreviewed
CVE-2023-20525 was published Jan 11, 2023
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented... Critical Unreviewed
CVE-2022-39185 was published Jan 12, 2023
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows... Moderate Unreviewed
CVE-2022-47102 was published Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject... High Unreviewed
CVE-2022-42279 was published Jan 13, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15... Moderate Unreviewed
CVE-2022-3573 was published Jan 12, 2023
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community... Moderate Unreviewed
CVE-2019-10067 was published May 24, 2022
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. Moderate Unreviewed
CVE-2019-20176 was published May 24, 2022
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to... High Unreviewed
CVE-2020-15920 was published May 24, 2022
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege... High Unreviewed
CVE-2022-39182 was published Jan 12, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight... Critical Unreviewed
CVE-2023-0245 was published Jan 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database