GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
238,528 advisories
Filter by severity
Improper Input Validation in yargs-parser
Moderate
Unreviewed
GHSA-ghmj-crg5-xw2j
was published
Feb 15, 2022
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ...
Moderate
Unreviewed
CVE-2020-0905
was published
May 24, 2022
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an...
High
Unreviewed
CVE-2021-33056
was published
May 24, 2022
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to...
Moderate
Unreviewed
CVE-2021-37352
was published
May 24, 2022
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0...
High
Unreviewed
CVE-2020-12109
was published
May 24, 2022
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory...
Low
Unreviewed
CVE-2023-20528
was published
Jan 11, 2023
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with...
High
Unreviewed
CVE-2022-42276
was published
Jan 13, 2023
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by...
Low
Unreviewed
CVE-2020-12872
was published
May 24, 2022
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0...
Moderate
Unreviewed
CVE-2019-9892
was published
May 24, 2022
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to...
Moderate
Unreviewed
CVE-2023-20525
was published
Jan 11, 2023
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF)...
High
Unreviewed
CVE-2022-3841
was published
Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject...
High
Unreviewed
CVE-2022-42290
was published
Jan 13, 2023
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted...
Moderate
Unreviewed
CVE-2019-20021
was published
May 24, 2022
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95....
Moderate
Unreviewed
CVE-2019-20051
was published
May 24, 2022
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows...
Moderate
Unreviewed
CVE-2022-47102
was published
Jan 13, 2023
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented...
Critical
Unreviewed
CVE-2022-39185
was published
Jan 12, 2023
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a...
High
Unreviewed
CVE-2022-42273
was published
Jan 13, 2023
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a...
High
Unreviewed
CVE-2022-42272
was published
Jan 13, 2023
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject...
High
Unreviewed
CVE-2022-42279
was published
Jan 13, 2023
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community...
Moderate
Unreviewed
CVE-2019-10067
was published
May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate
Unreviewed
CVE-2022-3573
was published
Jan 12, 2023
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege...
High
Unreviewed
CVE-2022-39182
was published
Jan 12, 2023
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to...
High
Unreviewed
CVE-2020-15920
was published
May 24, 2022
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Moderate
Unreviewed
CVE-2019-20176
was published
May 24, 2022
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c...
Moderate
Unreviewed
CVE-2019-20096
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API