GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
323 advisories
Filter by severity
In jpeg, there is a possible use after free due to a race condition. This could lead to local...
Moderate
Unreviewed
CVE-2022-32608
was published
Nov 9, 2022
Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may...
Moderate
Unreviewed
CVE-2022-21198
was published
Nov 11, 2022
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI...
High
Unreviewed
CVE-2022-33908
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI...
High
Unreviewed
CVE-2022-33983
was published
Nov 15, 2022
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could...
Moderate
Unreviewed
CVE-2022-33986
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the HddPassword software SMI...
High
Unreviewed
CVE-2022-33909
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler...
High
Unreviewed
CVE-2022-33905
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software...
Moderate
Unreviewed
CVE-2022-32267
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI...
High
Unreviewed
CVE-2022-33985
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI...
High
Unreviewed
CVE-2022-33984
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI...
Moderate
Unreviewed
CVE-2022-33906
was published
Nov 15, 2022
Update description and links DMA transactions which are targeted at input buffers used for the...
Moderate
Unreviewed
CVE-2022-31243
was published
Nov 15, 2022
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after...
Moderate
Unreviewed
CVE-2022-30774
was published
Nov 15, 2022
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe...
Moderate
Unreviewed
CVE-2022-32266
was published
Nov 15, 2022
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after...
Moderate
Unreviewed
CVE-2022-30773
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe...
High
Unreviewed
CVE-2022-34325
was published
Nov 15, 2022
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead...
Moderate
Unreviewed
CVE-2022-33982
was published
Nov 15, 2022
DMA transactions which are targeted at input buffers used for the software SMI handler used by...
Moderate
Unreviewed
CVE-2022-33907
was published
Nov 15, 2022
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB...
High
Unreviewed
CVE-2022-30283
was published
Nov 16, 2022
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged...
High
Unreviewed
CVE-2022-34830
was published
Nov 23, 2022
Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to...
Low
Unreviewed
CVE-2022-45842
was published
Nov 30, 2022
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022...
High
Unreviewed
CVE-2022-39908
was published
Dec 8, 2022
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service...
High
Unreviewed
CVE-2022-44651
was published
Dec 12, 2022
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID...
High
Unreviewed
CVE-2022-44670
was published
Dec 13, 2022
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused...
High
Unreviewed
CVE-2022-22753
was published
Dec 22, 2022
ProTip!
Advisories are also available from the
GraphQL API