GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24 advisories
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a...
Low | Unreviewed | CVE-2026-44597 was published May 7, 2026

In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the...
Moderate | Unreviewed | CVE-2026-40684 was published May 1, 2026

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a...
Moderate | Unreviewed | CVE-2026-40685 was published May 1, 2026

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server...
High | Unreviewed | CVE-2026-42255 was published Apr 26, 2026

uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility
Low | CVE-2026-35381 was published for coreutils (Rust) Apr 22, 2026

uutils coreutils has an Incorrect Provision of Specified Functionality Issue
Low | CVE-2026-35379 was published for coreutils (Rust) Apr 22, 2026

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
Moderate | CVE-2026-34478 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for...
High | Unreviewed | CVE-2025-66384 was published Nov 28, 2025

In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the...
Low | Unreviewed | CVE-2025-55174 was published Nov 26, 2025

An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0...
High | Unreviewed | CVE-2025-58325 was published Oct 14, 2025

Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated...
Low | Unreviewed | CVE-2025-54568 was published Jul 25, 2025

hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related...
Moderate | Unreviewed | CVE-2025-54567 was published Jul 25, 2025

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the...
High | Unreviewed | CVE-2025-47227 was published Jul 5, 2025

The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used,...
Moderate | Unreviewed | CVE-2024-58254 was published Jul 5, 2025

FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are...
Critical | Unreviewed | CVE-2024-50357 was published Nov 29, 2024

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4...
Moderate | Unreviewed | CVE-2024-5005 was published Oct 11, 2024

Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3...
Low | Unreviewed | CVE-2024-8974 was published Sep 27, 2024

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various...
High | Unreviewed | CVE-2024-20317 was published Sep 11, 2024

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6...
Moderate | Unreviewed | CVE-2024-6502 was published Aug 22, 2024

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An...
Critical | Unreviewed | CVE-2024-6425 was published Jul 1, 2024

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV)...
High | Unreviewed | CVE-2023-5363 was published Oct 25, 2023

A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio...
Moderate | Unreviewed | CVE-2023-5158 was published Sep 25, 2023

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801,...
Critical | Unreviewed | CVE-2023-24845 was published Aug 8, 2023

Incorrect Provision of Specified Functionality in qutebrowser
Low | CVE-2020-11054 was published for qutebrowser (pip) May 8, 2020
ProTip! Advisories are also available from the GraphQL API.