Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

129 advisories

Loading
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP... High Unreviewed
CVE-2024-22019 was published Feb 20, 2024
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to... High Unreviewed
CVE-2024-39721 was published Oct 31, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox... High Unreviewed
CVE-2024-9399 was published Oct 1, 2024
Pyopenssl Incorrect Memory Management High
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a... High Unreviewed
CVE-2024-36856 was published Jun 12, 2024
The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2,... High Unreviewed
CVE-2024-33844 was published May 3, 2024
A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet... High Unreviewed
CVE-2024-4791 was published May 14, 2024
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU... High Unreviewed
CVE-2019-19331 was published May 24, 2022
Traefik vulnerable to denial of service with Content-length header High
CVE-2024-28869 was published for github.com/traefik/traefik (Go) Apr 12, 2024
Prajithp
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which... High Unreviewed
CVE-2023-5255 was published Oct 3, 2023
DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function)... High Unreviewed
CVE-2023-4882 was published Oct 3, 2023
The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker... High Unreviewed
CVE-2023-29726 was published May 31, 2023
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7... High Unreviewed
CVE-2019-19343 was published May 24, 2022
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an... High Unreviewed
CVE-2019-12625 was published May 24, 2022
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller ... High Unreviewed
CVE-2019-15262 was published May 24, 2022
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084... High Unreviewed
CVE-2019-6163 was published May 24, 2022
CoreWCF NetFraming based services can leave connections open when they should be closed High
CVE-2024-28252 was published for CoreWCF.NetFramingBase (NuGet) Mar 15, 2024
mirek-kopacka birojnayak
mconnew
Improper Resource Shutdown or Release in Apache Tomcat High
CVE-2017-5650 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
A vulnerability, which was classified as problematic, was found in Redis. Affected is the... High Unreviewed
CVE-2022-3647 was published Oct 21, 2022
A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by... High Unreviewed
CVE-2023-7209 was published Jan 7, 2024
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. High Unreviewed
CVE-2019-20388 was published May 24, 2022
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix... High Unreviewed
CVE-2023-2379 was published Apr 28, 2023
GoPistolet vulnerable to Improper Resource Shutdown or Release High
CVE-2015-10085 was published for github.com/gopistolet/gopistolet (Go) Feb 21, 2023
Resource leakage when decoding certificates and keys High
CVE-2022-1473 was published for openssl-src (Rust) May 4, 2022
pinkforest
A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software... High Unreviewed
CVE-2020-3555 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database