Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

107 advisories

Loading
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability... High Unreviewed
CVE-2019-18602 was published May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles... High Unreviewed
CVE-2019-5067 was published May 24, 2022
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03... High Unreviewed
CVE-2019-13220 was published May 24, 2022
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function... High Unreviewed
CVE-2019-13135 was published May 24, 2022
Uninitialized read in Nokogiri gem High
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote... High Unreviewed
CVE-2015-8390 was published May 17, 2022
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which... High Unreviewed
CVE-2015-3414 was published May 14, 2022
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking... High Unreviewed
CVE-2019-9578 was published May 13, 2022
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could... High Unreviewed
CVE-2018-15911 was published May 13, 2022
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer... High Unreviewed
CVE-2018-7166 was published May 13, 2022
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE... High Unreviewed
CVE-2017-9098 was published May 13, 2022
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG,... High Unreviewed
CVE-2018-6981 was published May 13, 2022
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4... High Unreviewed
CVE-2015-5165 was published May 13, 2022
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows... High Unreviewed
CVE-2010-2556 was published May 13, 2022
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows... High Unreviewed
CVE-2010-3346 was published May 13, 2022
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote... High Unreviewed
CVE-2010-2559 was published May 13, 2022
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote... High Unreviewed
CVE-2010-2557 was published May 13, 2022
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows... High Unreviewed
CVE-2011-1254 was published May 13, 2022
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows... High Unreviewed
CVE-2011-1256 was published May 13, 2022
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows... High Unreviewed
CVE-2011-1262 was published May 13, 2022
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote... High Unreviewed
CVE-2011-1251 was published May 13, 2022
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6... High Unreviewed
CVE-2011-1266 was published May 13, 2022
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote... High Unreviewed
CVE-2010-3343 was published May 13, 2022
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet... High Unreviewed
CVE-2011-1255 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API