Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as... Critical Unreviewed
CVE-2020-36617 was published Dec 18, 2022
An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a... Critical Unreviewed
CVE-2021-36219 was published May 24, 2022
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS... Critical Unreviewed
CVE-2021-1619 was published May 24, 2022
Uninitialized pointers accessed during music play back with incorrect bit stream due to an... Critical Unreviewed
CVE-2020-11138 was published May 24, 2022
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version... Critical Unreviewed
CVE-2017-12561 was published May 14, 2022
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an... Critical Unreviewed
CVE-2018-19857 was published May 14, 2022
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a... Critical Unreviewed
CVE-2018-14356 was published May 13, 2022
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in... Critical Unreviewed
CVE-2018-17141 was published May 13, 2022
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS... Critical Unreviewed
CVE-2018-11743 was published May 7, 2022
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow Critical
GHSA-h6gw-r52c-724r was published for tensorflow (pip) Feb 9, 2022
Incomplete validation in boosted trees code Critical
CVE-2021-41208 was published for tensorflow (pip) Nov 10, 2021
Access of Uninitialized Pointer in linked-hash-map Critical
CVE-2020-25573 was published for linked-hash-map (Rust) Aug 25, 2021
Asyncpg Arbitrary Code Execution Via Access to an Uninitialized Pointer Critical
CVE-2020-17446 was published for asyncpg (pip) Apr 20, 2021
ProTip! Advisories are also available from the GraphQL API