Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

995 advisories

Loading
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory... Moderate Unreviewed
CVE-2009-2540 was published May 2, 2022
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6... High Unreviewed
CVE-2009-2054 was published May 2, 2022
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the... Moderate Unreviewed
CVE-2008-2364 was published May 1, 2022
The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2,... High Unreviewed
CVE-2008-1700 was published May 1, 2022
pyftpdlib vulnerable to allocation of resources without limits High
CVE-2007-6740 was published for pyftpdlib (pip) May 1, 2022
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to... Moderate Unreviewed
CVE-2005-4650 was published May 1, 2022
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote... Moderate Unreviewed
CVE-2005-2970 was published May 1, 2022
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command... Moderate Unreviewed
CVE-2001-1388 was published Apr 30, 2022
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to... High Unreviewed
CVE-2022-29701 was published Apr 28, 2022
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP... High Unreviewed
CVE-2022-22278 was published Apr 28, 2022
encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode stack overflow via a large... High Unreviewed
CVE-2022-24675 was published Apr 21, 2022
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with... High Unreviewed
CVE-2022-20622 was published Apr 16, 2022
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated... Moderate Unreviewed
CVE-2022-20717 was published Apr 16, 2022
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using... High Unreviewed
CVE-2021-44502 was published Apr 16, 2022
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number... Moderate Unreviewed
CVE-2022-1333 was published Apr 14, 2022
Resource exhaustion in Mattermost Moderate
CVE-2022-1337 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 14, 2022
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14... Moderate Unreviewed
CVE-2022-1121 was published Apr 5, 2022
Allocation of Resources Without Limits or Throttling in Spring Framework Moderate
CVE-2022-22950 was published for org.springframework:spring-expression (Maven) Apr 3, 2022
J3rry-1729 briandealwis
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified... Moderate Unreviewed
CVE-2022-22404 was published Apr 2, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner... High Unreviewed
CVE-2017-20016 was published Mar 29, 2022
Allocation of Resources Without Limits or Throttling in nvflare High
CVE-2022-21822 was published for nvflare (pip) Mar 18, 2022
Nintorac
Moodle denial-of-service risk in the draft files area High
CVE-2021-32476 was published for moodle/moodle (Composer) Mar 12, 2022
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad Moderate
CVE-2022-26336 was published for org.apache.poi:poi-scratchpad (Maven) Mar 5, 2022
SunBK201
Twisted SSH client and server deny of service during SSH handshake. High
CVE-2022-21716 was published for twisted (pip) Mar 3, 2022
Idan-D vin01
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database