Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
Windows CoreMessaging Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-20694 was published Jan 9, 2024
there is a possible Information Disclosure due to uninitialized data. This could lead to local... Moderate Unreviewed
CVE-2024-29745 was published Apr 5, 2024
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-26209 was published Apr 9, 2024
Windows Mobile Hotspot Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-26220 was published Apr 9, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects High
GHSA-xfhw-6mc4-mgxf was published for crayon (Rust) Apr 5, 2024
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther... Moderate Unreviewed
CVE-2023-31192 was published Oct 12, 2023
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to... Moderate Unreviewed
CVE-2023-21276 was published Aug 15, 2023
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data.... High Unreviewed
CVE-2023-21233 was published Aug 15, 2023
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to... Moderate Unreviewed
CVE-2023-22330 was published Aug 11, 2023
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to... Moderate Unreviewed
CVE-2023-3488 was published Jul 28, 2023
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper... Moderate Unreviewed
CVE-2023-36836 was published Jul 14, 2023
The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized... Moderate Unreviewed
CVE-2021-0948 was published Jul 13, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it... High Unreviewed
CVE-2023-35847 was published Jun 19, 2023
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in... Moderate Unreviewed
CVE-2023-2747 was published Jun 15, 2023
In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to... High Unreviewed
CVE-2023-21127 was published Jun 15, 2023
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of... High Unreviewed
CVE-2023-28967 was published Apr 18, 2023
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi... Moderate Unreviewed
CVE-2023-22897 was published Apr 13, 2023
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory,... Moderate Unreviewed
CVE-2021-30027 was published May 24, 2022
When using gdImageCreateFromXbm() function of gd extension in versions 7.1.x below 7.1.30, 7.2.x... Moderate Unreviewed
CVE-2019-11038 was published May 24, 2022
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive... Moderate Unreviewed
CVE-2022-40768 was published Sep 19, 2022
** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as... Critical Unreviewed
CVE-2020-36617 was published Dec 18, 2022
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This... Moderate Unreviewed
CVE-2021-22925 was published May 24, 2022
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail... High Unreviewed
CVE-2022-35414 was published Jul 12, 2022
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and... High Unreviewed
CVE-2008-4197 was published May 2, 2022
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused... Moderate Unreviewed
CVE-2008-0063 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API