Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

585 advisories

Loading
In tzdata there is possible memory corruption due to a mismatch between allocation and... High Unreviewed
CVE-2019-9290 was published May 24, 2022
In Bluetooth, there is a possible remote code execution due to an improper memory allocation.... High Unreviewed
CVE-2019-9291 was published May 24, 2022
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk... High Unreviewed
CVE-2019-16889 was published May 24, 2022
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or... High Unreviewed
CVE-2019-4338 was published May 24, 2022
A peer could send empty handshake fragments containing only padding which would be kept in memory... High Unreviewed
CVE-2019-11924 was published May 24, 2022
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the... High Unreviewed
CVE-2019-15225 was published May 24, 2022
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may... High Unreviewed
CVE-2019-9012 was published May 24, 2022
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially... High Unreviewed
CVE-2019-9517 was published May 24, 2022
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial... High Unreviewed
CVE-2019-9515 was published May 24, 2022
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a... High Unreviewed
CVE-2019-9518 was published May 24, 2022
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization... High Unreviewed
CVE-2019-9511 was published May 24, 2022
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17,... High Unreviewed
CVE-2019-10171 was published May 24, 2022
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in... High Unreviewed
CVE-2019-11478 was published May 24, 2022
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This... High Unreviewed
CVE-2019-11479 was published May 24, 2022
An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221... High Unreviewed
CVE-2018-7821 was published May 24, 2022
A vulnerability in the TCP ingress handler for the data interfaces that are configured with... High Unreviewed
CVE-2018-15462 was published May 24, 2022
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper... High Unreviewed
CVE-2019-3721 was published May 24, 2022
OpenStack Nova VMWare driver leaks rescued images High
CVE-2014-2573 was published for nova (pip) May 17, 2022
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream High
CVE-2014-2829 was published for MongooseIM (Erlang) May 17, 2022
Plone is vulnerable to denial of service High
CVE-2012-5499 was published for Plone (pip) May 17, 2022
Django database denial-of-service with ModelMultipleChoiceField High
CVE-2015-0222 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Glance Denial of service by creating a large number of images High
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images High
CVE-2015-1881 was published for glance (pip) May 17, 2022
OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function High
CVE-2013-1838 was published for nova (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database