Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

217 advisories

Loading
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a... Critical Unreviewed
CVE-2010-20115 was published Aug 21, 2025
An unauthenticated remote attacker can bypass the login to the web application of the affected... Critical Unreviewed
CVE-2025-41648 was published Jul 1, 2025
An unauthorized remote attacker can bypass the authentication of the affected software package by... Critical Unreviewed
CVE-2025-41646 was published Jun 6, 2025
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type... Moderate Unreviewed
CVE-2022-49873 was published May 1, 2025
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Low Unreviewed
CVE-2023-35816 was published Apr 28, 2025
Memory corruption while processing IOCTL calls. High Unreviewed
CVE-2024-43058 was published Apr 7, 2025
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an... Moderate Unreviewed
CVE-2025-20072 was published Jan 16, 2025
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of... High Unreviewed
CVE-2018-9339 was published Nov 19, 2024
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39589 was published Sep 18, 2024
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39590 was published Sep 18, 2024
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy... Low Unreviewed
CVE-2024-26015 was published Jul 9, 2024
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302... High Unreviewed
CVE-2024-35303 was published Jun 11, 2024
OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter... Moderate Unreviewed
CVE-2024-36735 was published Jun 6, 2024
transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA. Moderate Unreviewed
CVE-2024-21478 was published Jun 3, 2024
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution... High Unreviewed
CVE-2024-5436 was published May 31, 2024
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage... High Unreviewed
CVE-2024-28130 was published Apr 23, 2024
Transient DOS while processing DL NAS TRANSPORT message with payload length 0. High Unreviewed
CVE-2023-33101 was published Apr 1, 2024
Passing invalid data could have led to invalid wasm values being created, such as arbitrary... Low Unreviewed
CVE-2024-2606 was published Mar 19, 2024
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201... High Unreviewed
CVE-2023-45204 was published Oct 10, 2023
Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write... High Unreviewed
CVE-2023-21651 was published Aug 8, 2023
Memory corruption in Trusted Execution Environment while calling service API with invalid address. High Unreviewed
CVE-2023-21627 was published Aug 8, 2023
Memory corruption in Video while calling APIs with different instance ID than the one received in... High Unreviewed
CVE-2023-21638 was published Jul 4, 2023
Memory corruption in Audio due to incorrect type cast during audio use-cases. High Unreviewed
CVE-2022-33240 was published Jun 6, 2023
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic... High Unreviewed
CVE-2023-28162 was published Jun 2, 2023
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to... High Unreviewed
CVE-2023-25737 was published Jun 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database