Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,494
Maven
5,000+
npm
4,133
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

15 advisories

Loading
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a... Critical Unreviewed
CVE-2010-20115 was published Aug 21, 2025
An unauthenticated remote attacker can bypass the login to the web application of the affected... Critical Unreviewed
CVE-2025-41648 was published Jul 1, 2025
An unauthorized remote attacker can bypass the authentication of the affected software package by... Critical Unreviewed
CVE-2025-41646 was published Jun 6, 2025
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of... Critical Unreviewed
CVE-2022-43663 was published Mar 20, 2023
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue... Critical Unreviewed
CVE-2022-3979 was published Nov 14, 2022
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl... Critical Unreviewed
CVE-2016-7398 was published May 24, 2022
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to... Critical Unreviewed
CVE-2019-2097 was published May 24, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c... Critical Unreviewed
CVE-2017-9183 was published May 17, 2022
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection... Critical Unreviewed
CVE-2016-7979 was published May 14, 2022
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion... Critical Unreviewed
CVE-2018-4920 was published May 14, 2022
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful... Critical Unreviewed
CVE-2018-15981 was published May 14, 2022
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006... Critical Unreviewed
CVE-2018-12812 was published May 14, 2022
MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to... Critical Unreviewed
CVE-2018-14403 was published May 13, 2022
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion... Critical Unreviewed
CVE-2018-4944 was published May 13, 2022
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X... Critical Unreviewed
CVE-2016-6992 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database