Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

71 advisories

Loading
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an... High Unreviewed
CVE-2021-23146 was published Nov 19, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14... Moderate Unreviewed
CVE-2021-39917 was published Dec 14, 2021
An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows... High Unreviewed
CVE-2021-44078 was published Dec 27, 2021
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using... Moderate Unreviewed
CVE-2021-40562 was published Jan 13, 2022
A limited authentication bypass vulnerability was discovered that could allow an attacker to... High Unreviewed
CVE-2022-22990 was published Jan 14, 2022
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12... Moderate Unreviewed
CVE-2022-23027 was published Jan 26, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2021-34865 was published Jan 26, 2022
Incorrect Comparison, Permissive List of Allowed Inputs, and Privilege Context Switching Error in PostgreSQL Critical Unreviewed
CVE-2020-25696 was published Feb 15, 2022
In search engine service, there is a possible way to change the default search engine due to an... Moderate Unreviewed
CVE-2022-20072 was published Apr 12, 2022
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the... Moderate Unreviewed
CVE-2005-2801 was published May 1, 2022
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote... Moderate Unreviewed
CVE-2011-3903 was published May 13, 2022
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1... High Unreviewed
CVE-2016-10003 was published May 17, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2020-8864 was published May 24, 2022
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores... Moderate Unreviewed
CVE-2019-20634 was published May 24, 2022
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive... Moderate Unreviewed
CVE-2020-1741 was published May 24, 2022
An unauthenticated client can trigger denial of service by issuing specially crafted wire... High Unreviewed
CVE-2019-20925 was published May 24, 2022
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC... High Unreviewed
CVE-2020-13559 was published May 24, 2022
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because... Critical Unreviewed
CVE-2020-23359 was published May 24, 2022
oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where... Critical Unreviewed
CVE-2020-23360 was published May 24, 2022
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for... Critical Unreviewed
CVE-2020-23361 was published May 24, 2022
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c... Moderate Unreviewed
CVE-2021-20219 was published May 24, 2022
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as... Moderate Unreviewed
CVE-2020-28200 was published May 24, 2022
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks... Moderate Unreviewed
CVE-2021-0295 was published May 24, 2022
chatwoot is vulnerable to Inefficient Regular Expression Complexity High Unreviewed
CVE-2021-3649 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used. High Unreviewed
CVE-2021-37550 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database