Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption)... High Unreviewed
CVE-2019-18214 was published May 24, 2022
A missing check on incoming client requests can be exploited to cause a situation where the Kea... Moderate Unreviewed
CVE-2019-6474 was published May 24, 2022
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls... High Unreviewed
CVE-2018-21028 was published May 24, 2022
libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct. Moderate Unreviewed
CVE-2019-17371 was published May 24, 2022
A failure to free memory can occur when processing messages having a specific combination of EDNS... High Unreviewed
CVE-2018-5744 was published May 24, 2022
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. High Unreviewed
CVE-2019-17183 was published May 24, 2022
A service worker can send the activate event on itself periodically which allows it to run... High Unreviewed
CVE-2018-5179 was published May 24, 2022
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are... Moderate Unreviewed
CVE-2011-1490 was published Apr 22, 2022
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were... Moderate Unreviewed
CVE-2011-1489 was published Apr 22, 2022
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has... Low Unreviewed
CVE-2020-12768 was published May 24, 2022
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in... Low Unreviewed
CVE-2020-12656 was published May 24, 2022
vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad... Moderate Unreviewed
CVE-2020-8991 was published May 24, 2022
Missing Release of Resource after Effective Lifetime in Apache Tomcat High
CVE-2021-42340 was published for org.apache.tomcat:tomcat (Maven) Oct 15, 2021
sunSUNQ
Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted... Moderate Unreviewed
CVE-2024-22383 was published Mar 5, 2024
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which... High Unreviewed
CVE-2010-4657 was published Apr 21, 2022
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows... Moderate Unreviewed
CVE-1999-1127 was published Apr 30, 2022
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions,... Moderate Unreviewed
CVE-2007-0897 was published May 1, 2022
IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU... Moderate Unreviewed
CVE-2008-2122 was published May 1, 2022
When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed... High Unreviewed
CVE-2024-21789 was published Feb 14, 2024
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and... High Unreviewed
CVE-2007-4103 was published May 1, 2022
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log... Moderate Unreviewed
CVE-2022-26356 was published Apr 6, 2022
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA)... High Unreviewed
CVE-2023-20095 was published Nov 1, 2023
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could... Moderate Unreviewed
CVE-2023-31274 was published Jan 18, 2024
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all... Low Unreviewed
CVE-2023-47216 was published Jan 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database