Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
Logic error in Legion of the Bouncy Castle BC Java High
CVE-2020-28052 was published for org.bouncycastle:bcprov-ext-jdk15on (Maven) Apr 30, 2021
Missing Handler in @scandipwa/magento-scripts Moderate
CVE-2021-32684 was published for @scandipwa/magento-scripts (npm) Jun 21, 2021
Specification non-compliance in JUMPI High
CVE-2021-41153 was published for evm (Rust) Oct 19, 2021
Drainage of FeeCollector's Block Transaction Fees in cronos High
CVE-2021-43839 was published for github.com/crypto-org-chain/cronos (Go) Jan 6, 2022
zb3
On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior... High Unreviewed
CVE-2022-26890 was published May 6, 2022
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to... Moderate Unreviewed
CVE-2018-19058 was published May 13, 2022
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a... High Unreviewed
CVE-2018-16766 was published May 13, 2022
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser()... Moderate Unreviewed
CVE-2018-19212 was published May 13, 2022
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network... High Unreviewed
CVE-2019-9946 was published May 13, 2022
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local... High Unreviewed
CVE-2017-0604 was published May 13, 2022
Ansible unsafe evaluation of some strings High
CVE-2014-2686 was published for ansible (pip) May 17, 2022
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid... High Unreviewed
CVE-2019-11412 was published May 24, 2022
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7... Critical Unreviewed
CVE-2019-17192 was published May 24, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and... Moderate Unreviewed
CVE-2020-3885 was published May 24, 2022
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non... Moderate Unreviewed
CVE-2020-5753 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing... High Unreviewed
CVE-2020-25603 was published May 24, 2022
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource... Moderate Unreviewed
CVE-2020-25598 was published May 24, 2022
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM)... Moderate Unreviewed
CVE-2020-8671 was published May 24, 2022
Always-Incorrect Control Flow Implementation in Facebook Hermes Critical
CVE-2020-1914 was published for hermes-engine (npm) May 24, 2022
Nsquik troZee
CHaNGeTe mmehtonen-24i bdellegrazie
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one... Moderate Unreviewed
CVE-2020-35477 was published May 24, 2022
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security... Moderate Unreviewed
CVE-2021-3011 was published May 24, 2022
Multiple Cisco products are affected by a vulnerability in the Snort application detection engine... Moderate Unreviewed
CVE-2021-1236 was published May 24, 2022
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left... High Unreviewed
CVE-2020-36277 was published May 24, 2022
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks... Moderate Unreviewed
CVE-2021-0273 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database