GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,154 advisories
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a...
Moderate | Unreviewed | CVE-2017-5593 was published May 17, 2022

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a...
Moderate | Unreviewed | CVE-2017-5589 was published May 17, 2022

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a...
Moderate | Unreviewed | CVE-2017-5604 was published May 17, 2022

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a...
Moderate | Unreviewed | CVE-2017-5606 was published May 13, 2022

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a...
Moderate | Unreviewed | CVE-2017-5603 was published May 17, 2022

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent...
Moderate | Unreviewed | CVE-2016-2781 was published May 13, 2022

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp...
Moderate | Unreviewed | CVE-2015-8138 was published May 13, 2022

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ...
Moderate | Unreviewed | CVE-2016-2517 was published May 17, 2022

Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6...
Moderate | Unreviewed | CVE-2016-5102 was published May 14, 2022

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism...
Moderate | Unreviewed | CVE-2016-7431 was published May 13, 2022

A local denial of service vulnerability exists in window broadcast message handling functionality...
Moderate | Unreviewed | CVE-2016-4329 was published May 17, 2022

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images...
Moderate | Unreviewed | CVE-2016-8106 was published May 17, 2022

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4...
Moderate | Unreviewed | CVE-2016-1547 was published May 13, 2022

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input...
Moderate | Unreviewed | CVE-2022-20574 was published Dec 21, 2022

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2...
Moderate | Unreviewed | CVE-2022-46401 was published Dec 20, 2022

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low...
Moderate | Unreviewed | CVE-2025-26477 was published Apr 17, 2025

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have...
Moderate | Unreviewed | CVE-2022-22757 was published Dec 22, 2022

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do...
Moderate | Unreviewed | CVE-2022-22749 was published Dec 22, 2022

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This...
Moderate | Unreviewed | CVE-2025-3677 was published Apr 16, 2025

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue...
Moderate | Unreviewed | CVE-2023-36505 was published Apr 17, 2024

A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4...
Moderate | Unreviewed | CVE-2025-3622 was published Apr 15, 2025

A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical....
Moderate | Unreviewed | CVE-2025-3590 was published Apr 15, 2025

Typo3 Host Header Spoofing Vulnerability
Moderate | CVE-2014-3941 was published for typo3/cms (Composer) May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate | CVE-2014-0096 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022

TYPO3 allows remote attackers to embed Flash videos from external domain
Moderate | CVE-2015-8760 was published for typo3/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API.