GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
109,264 advisories
Filter by severity
Improper Input Validation in yargs-parser
Moderate
Unreviewed
GHSA-ghmj-crg5-xw2j
was published
Feb 15, 2022
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ...
Moderate
Unreviewed
CVE-2020-0905
was published
May 24, 2022
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to...
Moderate
Unreviewed
CVE-2021-37352
was published
May 24, 2022
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted...
Moderate
Unreviewed
CVE-2019-20021
was published
May 24, 2022
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95....
Moderate
Unreviewed
CVE-2019-20051
was published
May 24, 2022
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0...
Moderate
Unreviewed
CVE-2019-9892
was published
May 24, 2022
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to...
Moderate
Unreviewed
CVE-2023-20525
was published
Jan 11, 2023
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows...
Moderate
Unreviewed
CVE-2022-47102
was published
Jan 13, 2023
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community...
Moderate
Unreviewed
CVE-2019-10067
was published
May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate
Unreviewed
CVE-2022-3573
was published
Jan 12, 2023
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Moderate
Unreviewed
CVE-2019-20176
was published
May 24, 2022
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c...
Moderate
Unreviewed
CVE-2019-20096
was published
May 24, 2022
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student...
Moderate
Unreviewed
CVE-2022-46503
was published
Jan 12, 2023
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's...
Moderate
Unreviewed
CVE-2022-42895
was published
Nov 23, 2022
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ...
Moderate
Unreviewed
CVE-2017-16264
was published
Jan 12, 2023
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used...
Moderate
Unreviewed
CVE-2021-46872
was published
Jan 13, 2023
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2....
Moderate
Unreviewed
CVE-2009-10001
was published
Jan 13, 2023
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src...
Moderate
Unreviewed
CVE-2013-0899
was published
May 14, 2022
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the...
Moderate
Unreviewed
CVE-2022-3904
was published
Jan 16, 2023
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This...
Moderate
Unreviewed
CVE-2022-42284
was published
Jan 13, 2023
A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic....
Moderate
Unreviewed
CVE-2023-0327
was published
Jan 16, 2023
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote...
Moderate
Unreviewed
CVE-2022-39195
was published
Jan 17, 2023
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its...
Moderate
Unreviewed
CVE-2022-4464
was published
Jan 16, 2023
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize...
Moderate
Unreviewed
CVE-2022-4442
was published
Jan 16, 2023
The WP Attachments WordPress plugin through 5.0.5 does not sanitise and escape some of its...
Moderate
Unreviewed
CVE-2022-4330
was published
Jan 16, 2023
ProTip!
Advisories are also available from the
GraphQL API