GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
54 advisories
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which...
Moderate
Unreviewed
CVE-2021-45261
was published
Dec 23, 2021
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit...
Moderate
Unreviewed
CVE-2021-40042
was published
Feb 1, 2022
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
High
Unreviewed
CVE-2022-24958
was published
Feb 12, 2022
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that...
High
Unreviewed
CVE-2007-4367
was published
May 1, 2022
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an...
Moderate
Unreviewed
CVE-2015-2695
was published
May 13, 2022
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a...
Critical
Unreviewed
CVE-2018-6836
was published
May 13, 2022
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to...
High
Unreviewed
CVE-2018-9557
was published
May 13, 2022
An elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product:...
High
Unreviewed
CVE-2017-0731
was published
May 13, 2022
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local...
High
Unreviewed
CVE-2017-18075
was published
May 13, 2022
An invalid free in mb_detect_order can cause the application to crash or potentially result in...
High
Unreviewed
CVE-2019-11930
was published
May 24, 2022
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid...
Moderate
Unreviewed
CVE-2019-20170
was published
May 24, 2022
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a...
Moderate
Unreviewed
CVE-2020-24371
was published
May 24, 2022
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these...
High
Unreviewed
CVE-2020-15670
was published
May 24, 2022
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed...
High
Unreviewed
CVE-2020-15674
was published
May 24, 2022
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some...
High
Unreviewed
CVE-2020-15673
was published
May 24, 2022
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause...
High
Unreviewed
CVE-2020-5139
was published
May 24, 2022
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through...
Moderate
Unreviewed
CVE-2020-28941
was published
May 24, 2022
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd...
High
Unreviewed
CVE-2020-36224
was published
May 24, 2022
An invalid free in Thrift's table-based serialization can cause the application to crash or...
Critical
Unreviewed
CVE-2021-24028
was published
May 24, 2022
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
Critical
Unreviewed
CVE-2021-30473
was published
May 24, 2022
A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def...
High
Unreviewed
CVE-2021-22760
was published
May 24, 2022
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::...
High
Unreviewed
CVE-2020-36404
was published
May 24, 2022
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting...
High
Unreviewed
CVE-2021-28216
was published
May 24, 2022
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2....
Critical
Unreviewed
CVE-2021-3682
was published
May 24, 2022
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language...
High
Unreviewed
CVE-2021-3939
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.