GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
847 advisories
Ansible fails to properly mark lookup-plugin results as unsafe
Critical | CVE-2017-7481 was published for ansible (pip) | Sep 6, 2018

Microsoft Outlook Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-21413 was published | Feb 13, 2024

Apache Ranger UI vulnerable to Server Side Request Forgery
Critical | CVE-2024-45479 was published for org.apache.ranger:ranger (Maven) | Jan 22, 2025

U-Boot vulnerability resulting in persistent Code Execution
Critical | Unreviewed | CVE-2023-48425 was published | Dec 11, 2023

Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve...
Critical | Unreviewed | CVE-2025-41377 was published | May 23, 2025

libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Critical | Unreviewed | CVE-2017-12652 was published | May 24, 2022

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on...
Critical | Unreviewed | CVE-2023-45161 was published | Nov 6, 2023

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on...
Critical | Unreviewed | CVE-2023-45163 was published | Nov 6, 2023

The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack...
Critical | Unreviewed | CVE-2023-5964 was published | Nov 6, 2023

Gardener allows bypassing project secret validation which can lead to privilege escalation
Critical | CVE-2025-47283 was published for github.com/gardener/gardener (Go) | May 19, 2025

Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation
Critical | CVE-2025-47282 was published for github.com/gardener/external-dns-management (Go) | May 19, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-43560 was published | May 13, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input...
Critical | Unreviewed | CVE-2025-43559 was published | May 13, 2025

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that...
Critical | Unreviewed | CVE-2025-1087 was published | May 9, 2025

Remote code injection in Log4j
Critical | CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) | Dec 10, 2021

Multipart-file uploads call variables to be improperly registered in the global scope. In cases...
Critical | Unreviewed | CVE-2018-6334 was published | May 13, 2022

Nuclide Improper Input Validation
Critical | CVE-2018-6333 was published for nuclide (npm) | May 13, 2022

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on...
Critical | Unreviewed | CVE-2018-9866 was published | May 13, 2022

In wlan service, there is a possible out of bounds write due to improper input validation. This...
Critical | Unreviewed | CVE-2024-20017 was published | Mar 4, 2024

iTerm2 before 3.4.18 mishandles a DECRQSS response.
Critical | Unreviewed | CVE-2022-45872 was published | Nov 24, 2022

Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform...
Critical | Unreviewed | CVE-2022-36784 was published | Jul 6, 2023

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote...
Critical | Unreviewed | CVE-2024-0864 was published | Feb 29, 2024

An issue existed in the parsing of URLs. This issue was addressed with improved input validation....
Critical | Unreviewed | CVE-2022-42837 was published | Dec 15, 2022

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to...
Critical | Unreviewed | CVE-2017-3191 was published | May 13, 2022

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration,...
Critical | Unreviewed | CVE-2017-16845 was published | May 13, 2022