GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Sandbox Breakout in safe-eval
Critical
CVE-2017-16088
was published
for
safe-eval
(npm)
Jul 18, 2018
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master...
Critical
Unreviewed
CVE-2021-43685
was published
Dec 2, 2021
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary...
Critical
Unreviewed
CVE-2021-20042
was published
Dec 9, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path...
Critical
Unreviewed
CVE-2021-44041
was published
Dec 15, 2021
An access issue was addressed with additional sandbox restrictions. This issue is fixed in...
Critical
Unreviewed
CVE-2019-7290
was published
May 24, 2022
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area),...
Critical
Unreviewed
CVE-2022-20239
was published
Aug 11, 2022
An externally controlled reference to a resource vulnerability has been reported to affect QNAP...
Critical
Unreviewed
CVE-2022-27593
was published
Sep 9, 2022
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been...
Critical
Unreviewed
CVE-2022-4607
was published
Dec 19, 2022
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This...
Critical
Unreviewed
CVE-2014-125044
was published
Jan 5, 2023
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,...
Critical
Unreviewed
CVE-2022-39952
was published
Feb 16, 2023
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to...
Critical
Unreviewed
CVE-2023-5716
was published
Jan 19, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API