Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
GHSA-4vr7-g93g-cf6m was published for picklescan (pip) Sep 17, 2025 withdrawn
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could... Critical Unreviewed
CVE-2021-42141 was published Jan 23, 2024
Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA... Critical Unreviewed
CVE-2021-20588 was published May 24, 2022
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers... Critical Unreviewed
CVE-2021-42142 was published Jan 24, 2024
Denial of service in bottle Critical
CVE-2022-31799 was published for bottle (pip) Jun 3, 2022
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability... Critical Unreviewed
CVE-2024-7521 was published Aug 6, 2024
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation Critical
CVE-2017-5638 was published for org.apache.struts:struts2-core (Maven) Oct 18, 2018
sunSUNQ
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a ... Critical Unreviewed
CVE-2023-38406 was published Nov 6, 2023
Due to insufficient file permissions, unprivileged users could gain access to unencrypted... Critical Unreviewed
CVE-2023-21409 was published Aug 3, 2023
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user... Critical Unreviewed
CVE-2023-21408 was published Aug 3, 2023
burn allows file names to escape via mishandled quotation marks Critical Unreviewed
CVE-2009-5043 was published Apr 21, 2022
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles... Critical Unreviewed
CVE-2022-48328 was published Feb 20, 2023
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because... Critical Unreviewed
CVE-2023-47100 was published Dec 3, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-23121 was published Mar 28, 2023
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code... Critical Unreviewed
CVE-2019-12815 was published May 24, 2022
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model... Critical Unreviewed
CVE-2022-48329 was published Feb 20, 2023
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code... Critical Unreviewed
CVE-2021-4105 was published Feb 24, 2023
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in... Critical Unreviewed
CVE-2019-6256 was published May 13, 2022
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because... Critical Unreviewed
CVE-2018-19991 was published May 13, 2022
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Critical
CVE-2019-17195 was published for com.nimbusds:nimbus-jose-jwt (Maven) Oct 16, 2019
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA... Critical Unreviewed
CVE-2021-43272 was published May 24, 2022
A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera... Critical Unreviewed
CVE-2017-2877 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database