Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,487 advisories

Loading
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname... Critical Unreviewed
CVE-2022-45706 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter... Critical Unreviewed
CVE-2022-45707 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex... Critical Unreviewed
CVE-2022-45708 was published Dec 23, 2022
An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use... Critical Unreviewed
CVE-2022-47939 was published Dec 23, 2022
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-46642 was published Dec 23, 2022
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an... Critical Unreviewed
CVE-2022-44567 was published Dec 23, 2022
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the... Critical Unreviewed
CVE-2022-46641 was published Dec 23, 2022
An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec... Critical Unreviewed
CVE-2022-41837 was published Dec 23, 2022
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of... Critical Unreviewed
CVE-2022-41794 was published Dec 23, 2022
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF... Critical Unreviewed
CVE-2022-41649 was published Dec 23, 2022
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE... Critical Unreviewed
CVE-2022-38143 was published Dec 23, 2022
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO... Critical Unreviewed
CVE-2022-41838 was published Dec 23, 2022
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in... Critical Unreviewed
CVE-2022-41639 was published Dec 23, 2022
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the... Critical Unreviewed
CVE-2022-46493 was published Dec 23, 2022
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially... Critical Unreviewed
CVE-2021-4127 was published Dec 22, 2022
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.... Critical Unreviewed
CVE-2021-4140 was published Dec 22, 2022
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson... Critical Unreviewed
CVE-2021-4129 was published Dec 22, 2022
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable... Critical Unreviewed
CVE-2022-26486 was published Dec 22, 2022
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code>... Critical Unreviewed
CVE-2022-26384 was published Dec 22, 2022
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently... Critical Unreviewed
CVE-2022-22759 was published Dec 22, 2022
The search term could have been specified externally to trigger SQL injection. This vulnerability... Critical Unreviewed
CVE-2022-1887 was published Dec 22, 2022
Session history navigations may have led to a use-after-free and potentially exploitable crash.... Critical Unreviewed
CVE-2022-34470 was published Dec 22, 2022
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported... Critical Unreviewed
CVE-2022-31747 was published Dec 22, 2022
A malicious website could have learned the size of a cross-origin resource that supported Range... Critical Unreviewed
CVE-2022-31736 was published Dec 22, 2022
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team... Critical Unreviewed
CVE-2022-29917 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database