GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,383
Erlang: 33
GitHub Actions: 22
Go: 2,140
Maven: 5,000+
npm: 3,800
NuGet: 687
pip: 3,478
Pub: 12
RubyGems: 897
Rust: 898
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
12,882 advisories
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when...
High | Unreviewed | CVE-2016-1714 was published May 13, 2022

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an...
High | Unreviewed | CVE-2015-8388 was published May 13, 2022

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive...
High | Unreviewed | CVE-2015-8386 was published May 13, 2022

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain...
High | Unreviewed | CVE-2015-8385 was published May 13, 2022

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in...
Moderate | Unreviewed | CVE-2015-0564 was published May 13, 2022

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP...
High | Unreviewed | CVE-2015-3329 was published May 13, 2022

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a...
Moderate | Unreviewed | CVE-2013-4312 was published May 13, 2022

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the...
Moderate | Unreviewed | CVE-2014-6273 was published May 13, 2022

The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory...
Moderate | Unreviewed | CVE-2017-14165 was published May 13, 2022

Multiple memory corruption issues were addressed with improved memory handling. This issue...
High | Unreviewed | CVE-2018-4386 was published May 13, 2022

FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in...
Moderate | Unreviewed | CVE-2017-11576 was published May 13, 2022

FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c)...
High | Unreviewed | CVE-2017-11571 was published May 13, 2022

FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c)...
High | Unreviewed | CVE-2017-11574 was published May 13, 2022

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This...
Critical | Unreviewed | CVE-2018-0721 was published May 13, 2022

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code...
High | Unreviewed | CVE-2017-1000376 was published May 13, 2022

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a...
Moderate | Unreviewed | CVE-2014-4342 was published May 13, 2022

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka...
High | Unreviewed | CVE-2015-2698 was published May 13, 2022

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and...
Moderate | Unreviewed | CVE-2013-6691 was published May 13, 2022

An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is...
High | Unreviewed | CVE-2016-4764 was published May 13, 2022

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap...
High | Unreviewed | CVE-2017-16669 was published May 13, 2022

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which...
Critical | Unreviewed | CVE-2016-4303 was published May 13, 2022

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial...
High | Unreviewed | CVE-2017-17497 was published May 13, 2022

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to...
High | Unreviewed | CVE-2014-1692 was published May 13, 2022

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute...
Critical | Unreviewed | CVE-2018-0487 was published May 13, 2022

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP...
Critical | Unreviewed | CVE-2018-8476 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.