Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area),... Critical Unreviewed
CVE-2022-20239 was published Aug 11, 2022
An externally controlled reference to a resource vulnerability has been reported to affect QNAP... Critical Unreviewed
CVE-2022-27593 was published Sep 9, 2022
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master... Critical Unreviewed
CVE-2021-43685 was published Dec 2, 2021
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path... Critical Unreviewed
CVE-2021-44041 was published Dec 15, 2021
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been... Critical Unreviewed
CVE-2022-4607 was published Dec 19, 2022
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5,... Critical Unreviewed
CVE-2022-39952 was published Feb 16, 2023
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary... Critical Unreviewed
CVE-2021-20042 was published Dec 9, 2021
Sandbox Breakout in safe-eval Critical
CVE-2017-16088 was published for safe-eval (npm) Jul 18, 2018
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed
CVE-2023-5716 was published Jan 19, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in... Critical Unreviewed
CVE-2019-7290 was published May 24, 2022
Spin applications with specific configuration vulnerable to potential network sandbox escape Critical
CVE-2024-32980 was published for spin-sdk (Rust) May 8, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API