Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information... Moderate Unreviewed
CVE-2023-46100 was published Nov 20, 2023
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther... Moderate Unreviewed
CVE-2023-31192 was published Oct 12, 2023
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may... Moderate Unreviewed
CVE-2023-25586 was published Sep 14, 2023
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may... Moderate Unreviewed
CVE-2023-25585 was published Sep 14, 2023
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the ... Moderate Unreviewed
CVE-2023-25588 was published Sep 14, 2023
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to... Moderate Unreviewed
CVE-2023-21276 was published Aug 15, 2023
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to... Moderate Unreviewed
CVE-2023-22330 was published Aug 11, 2023
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to... Moderate Unreviewed
CVE-2023-3488 was published Jul 28, 2023
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper... Moderate Unreviewed
CVE-2023-36836 was published Jul 14, 2023
The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized... Moderate Unreviewed
CVE-2021-0948 was published Jul 13, 2023
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in... Moderate Unreviewed
CVE-2023-2747 was published Jun 15, 2023
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi... Moderate Unreviewed
CVE-2023-22897 was published Apr 13, 2023
A vulnerability classified as problematic has been found in Linux Kernel. This affects the... Moderate Unreviewed
CVE-2022-3642 was published Oct 21, 2022
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive... Moderate Unreviewed
CVE-2022-40768 was published Sep 19, 2022
In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to... Moderate Unreviewed
CVE-2021-0887 was published Aug 25, 2022
In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to... Moderate Unreviewed
CVE-2021-0698 was published Aug 25, 2022
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local... Moderate Unreviewed
CVE-2022-33716 was published Aug 6, 2022
The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a... Moderate Unreviewed
CVE-2022-34266 was published Jul 20, 2022
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service... Moderate Unreviewed
CVE-2021-40608 was published Jun 29, 2022
Use of Uninitialized Variable in trilogy Moderate
CVE-2022-31026 was published for trilogy (RubyGems) Jun 6, 2022
Segfault due to missing support for quantized types Moderate
CVE-2022-29205 was published for tensorflow (pip) May 24, 2022
In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to... Moderate Unreviewed
CVE-2021-0938 was published May 24, 2022
This vulnerability allows local attackers to disclose sensitive information on affected... Moderate Unreviewed
CVE-2021-34855 was published May 24, 2022
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This... Moderate Unreviewed
CVE-2021-22925 was published May 24, 2022
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user... Moderate Unreviewed
CVE-2021-3545 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API