Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

740 advisories

Loading
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before... Moderate Unreviewed
CVE-2019-15165 was published May 24, 2022
rdiffweb vulnerable to potential DoS via memory consumption High
CVE-2022-3298 was published for rdiffweb (pip) Sep 27, 2022
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd)... Low Unreviewed
CVE-2020-10717 was published May 24, 2022
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in... Moderate Unreviewed
CVE-2020-6610 was published May 24, 2022
rdiffweb has no rate limit on resend email feature Moderate
CVE-2022-4723 was published for rdiffweb (pip) Dec 27, 2022
pyftpdlib vulnerable to allocation of resources without limits Moderate
CVE-2007-6740 was published for pyftpdlib (pip) May 1, 2022
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or... High Unreviewed
CVE-2022-34439 was published Oct 21, 2022
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit... High Unreviewed
CVE-2020-14405 was published May 24, 2022
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. Moderate Unreviewed
CVE-2020-15806 was published May 24, 2022
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote... High Unreviewed
CVE-2020-27978 was published May 24, 2022
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. High Unreviewed
CVE-2020-8037 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping... Moderate Unreviewed
CVE-2020-29570 was published May 24, 2022
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback... High Unreviewed
CVE-2020-29487 was published May 24, 2022
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An... High Unreviewed
CVE-2020-9124 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored... Moderate Unreviewed
CVE-2020-29486 was published May 24, 2022
An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of... Moderate Unreviewed
CVE-2020-29567 was published May 24, 2022
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough... High Unreviewed
CVE-2020-35359 was published May 24, 2022
An attacker-controlled memory allocation size can be passed to the C++ new operator in the... Moderate Unreviewed
CVE-2020-5806 was published May 24, 2022
NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in... High Unreviewed
CVE-2021-1057 was published May 24, 2022
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it... High Unreviewed
CVE-2020-14322 was published Aug 17, 2022
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation... High Unreviewed
CVE-2021-25173 was published May 24, 2022
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2021-1350 was published May 24, 2022
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system... Moderate Unreviewed
CVE-2020-25650 was published May 24, 2022
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client... Moderate Unreviewed
CVE-2020-25652 was published May 24, 2022
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by... Moderate Unreviewed
CVE-2022-22488 was published Dec 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database