GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Filter by severity
PAN-OS software provides options to exclude specific websites from URL category enforcement and...
Moderate
Unreviewed
CVE-2022-0011
was published
Feb 11, 2022
A null byte interaction error has been discovered in the code that the telnetd_startup daemon...
High
Unreviewed
CVE-2022-25219
was published
Mar 11, 2022
bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x...
Moderate
Unreviewed
CVE-2019-5892
was published
May 13, 2022
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of...
High
Unreviewed
CVE-2018-19966
was published
May 13, 2022
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3,...
High
Unreviewed
CVE-2018-6560
was published
May 13, 2022
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic...
Moderate
Unreviewed
CVE-2019-17596
was published
May 24, 2022
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF...
High
Unreviewed
CVE-2019-19589
was published
May 24, 2022
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature...
Moderate
Unreviewed
CVE-2019-18792
was published
May 24, 2022
The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP...
Moderate
Unreviewed
CVE-2020-9363
was published
May 24, 2022
The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted...
Moderate
Unreviewed
CVE-2020-9362
was published
May 24, 2022
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP...
Moderate
Unreviewed
CVE-2019-19089
was published
May 24, 2022
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE...
High
Unreviewed
CVE-2020-3200
was published
May 24, 2022
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software...
Moderate
Unreviewed
CVE-2020-3564
was published
May 24, 2022
An improper interpretation conflict of certain data between certain software components within...
High
Unreviewed
CVE-2021-0207
was published
May 24, 2022
Microsoft SharePoint Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2021-28474
was published
May 24, 2022
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out...
High
Unreviewed
CVE-2021-29988
was published
May 24, 2022
A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX...
High
Unreviewed
CVE-2021-1587
was published
May 24, 2022
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a...
Critical
Unreviewed
CVE-2021-40870
was published
May 24, 2022
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2021-34699
was published
May 24, 2022
Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS...
Moderate
Unreviewed
CVE-2022-34009
was published
Jul 29, 2022
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558...
Moderate
Unreviewed
CVE-2021-41437
was published
Sep 27, 2022
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW...
High
Unreviewed
CVE-2022-20915
was published
Oct 11, 2022
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE,...
Moderate
Unreviewed
CVE-2022-38115
was published
Nov 23, 2022
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...
Moderate
Unreviewed
CVE-2022-37436
was published
Jan 17, 2023
A improper neutralization of crlf sequences in http headers ('http response splitting') in...
Moderate
Unreviewed
CVE-2022-42472
was published
Feb 16, 2023
ProTip!
Advisories are also available from the
GraphQL API