Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

259 advisories

Loading
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows... Moderate Unreviewed
CVE-2017-9330 was published May 13, 2022
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is... Moderate Unreviewed
CVE-2016-9776 was published May 13, 2022
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS... Moderate Unreviewed
CVE-2016-7909 was published May 13, 2022
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0... Moderate Unreviewed
CVE-2017-6505 was published May 13, 2022
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly... Moderate Unreviewed
CVE-2016-7908 was published May 13, 2022
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite... Moderate Unreviewed
CVE-2016-1981 was published May 13, 2022
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest... Moderate Unreviewed
CVE-2017-9310 was published May 13, 2022
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload... Moderate Unreviewed
CVE-2017-14058 was published May 13, 2022
The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows... Moderate Unreviewed
CVE-2018-19840 was published May 13, 2022
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function... Moderate Unreviewed
CVE-2019-6462 was published May 13, 2022
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and... Moderate Unreviewed
CVE-2018-20467 was published May 13, 2022
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the... Moderate Unreviewed
CVE-2018-5650 was published May 13, 2022
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest... Moderate Unreviewed
CVE-2017-5973 was published May 13, 2022
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local... Moderate Unreviewed
CVE-2016-8909 was published May 13, 2022
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local... Moderate Unreviewed
CVE-2016-8910 was published May 13, 2022
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which... Moderate Unreviewed
CVE-2018-20482 was published May 13, 2022
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c... Moderate Unreviewed
CVE-2018-10289 was published May 13, 2022
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local... Moderate Unreviewed
CVE-2015-8785 was published May 13, 2022
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to... Moderate Unreviewed
CVE-2013-7488 was published May 5, 2022
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite... Moderate Unreviewed
CVE-2012-0248 was published May 4, 2022
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service ... Moderate Unreviewed
CVE-2010-1282 was published May 2, 2022
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows... Moderate Unreviewed
CVE-2009-2906 was published May 2, 2022
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird... Moderate Unreviewed
CVE-2006-6499 was published May 1, 2022
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of... Moderate Unreviewed
CVE-2005-2224 was published May 1, 2022
FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers... Moderate Unreviewed
CVE-2005-0851 was published May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database