GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Reflected cross-site scripting in development mode handler in Vaadin
Low
GHSA-8vfw-v2jv-9hwc
was published
for
com.vaadin:flow-server
(Maven)
Jun 28, 2021
service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android...
Critical
Unreviewed
CVE-2016-6691
was published
May 17, 2022
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain...
High
Unreviewed
CVE-2016-3829
was published
May 17, 2022
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01...
High
Unreviewed
CVE-2016-3827
was published
May 17, 2022
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and...
High
Unreviewed
CVE-2016-3828
was published
May 17, 2022
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
Low
CVE-2021-33604
was published
for
com.vaadin:vaadin-bom
(Maven)
Jun 28, 2021
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7...
Moderate
Unreviewed
CVE-2018-2415
was published
May 13, 2022
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of...
Moderate
Unreviewed
CVE-2018-7173
was published
May 14, 2022
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2....
Moderate
Unreviewed
CVE-2018-7289
was published
May 14, 2022
Update unsound DrainFilter and RString::retain
High
CVE-2020-36213
was published
for
abi_stable
(Rust)
Aug 25, 2021
A security regression of CVE-2019-9636 was discovered in python since commit...
Critical
Unreviewed
CVE-2019-10160
was published
May 24, 2022
restforce vulnerable to Improper Input Validation
Critical
CVE-2018-3777
was published
for
restforce
(RubyGems)
Aug 3, 2018
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security...
Moderate
Unreviewed
CVE-2019-12677
was published
May 24, 2022
The kstring integration in gix-attributes is unsound
Low
GHSA-cx7h-h87r-jpgr
was published
for
gix-attributes
(Rust)
Jul 25, 2024
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Low
CVE-2024-48909
was published
for
github.com/authzed/spicedb
(Go)
Oct 14, 2024
ProTip!
Advisories are also available from the
GraphQL API