GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
11,102 advisories

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS...
High | Unreviewed | CVE-2022-46701 was published | Dec 15, 2022

Apache POI OOXML Vulnerable to Improper Input Validation in OOXML File Parsing
Moderate | CVE-2025-31672 was published for org.apache.poi:poi-ooxml (Maven) | Apr 9, 2025

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input...
Moderate | Unreviewed | CVE-2022-20574 was published | Dec 21, 2022

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about...
High | Unreviewed | CVE-2022-42544 was published | Dec 21, 2022

Some smartphones have the input validation vulnerability. Successful exploitation of this...
High | Unreviewed | CVE-2022-46328 was published | Dec 20, 2022

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2...
Moderate | Unreviewed | CVE-2022-46401 was published | Dec 20, 2022

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low...
Moderate | Unreviewed | CVE-2025-26477 was published | Apr 17, 2025

lite-server vulnerable to Denial of Service
High | CVE-2022-25940 was published for lite-server (Maven) | Dec 20, 2022

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
High | CVE-2025-24970 was published for io.netty:netty-handler (Maven) | Feb 10, 2025

Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have...
Moderate | Unreviewed | CVE-2022-22757 was published | Dec 22, 2022

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do...
Moderate | Unreviewed | CVE-2022-22749 was published | Dec 22, 2022

A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This...
Moderate | Unreviewed | CVE-2025-3677 was published | Apr 16, 2025

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F...
High | Unreviewed | CVE-2024-26290 was published | Mar 12, 2025

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the...
Critical | Unreviewed | CVE-2022-34476 was published | Dec 22, 2022

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form. This issue...
Moderate | Unreviewed | CVE-2023-36505 was published | Apr 17, 2024

A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4...
Moderate | Unreviewed | CVE-2025-3622 was published | Apr 15, 2025

A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical....
Moderate | Unreviewed | CVE-2025-3590 was published | Apr 15, 2025

Typo3 Host Header Spoofing Vulnerability
Moderate | CVE-2014-3941 was published for typo3/cms (Composer) | May 14, 2022

mod_cluster Denial of Service vulnerability
High | CVE-2016-3110 was published for org.jboss.mod_cluster:mod_cluster-parent (Maven) | May 14, 2022

Improper Input Validation in Apache Tomcat
Moderate | CVE-2014-0096 was published for org.apache.tomcat:tomcat (Maven) | May 14, 2022

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files,...
High | Unreviewed | CVE-2018-1000156 was published | May 14, 2022

TYPO3 allows remote attackers to embed Flash videos from external domain
Moderate | CVE-2015-8760 was published for typo3/cms (Composer) | May 17, 2022

phpMyAdmin allows remote attackers to spoof content via the url parameter
High | CVE-2015-7873 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

TYPO3 doesn't properly check file extensions
High | CVE-2013-4250 was published for typo3/cms (Composer) | May 17, 2022

Insufficient validation of filenames against control characters in Apache Subversion repositories...
Low | Unreviewed | CVE-2024-46901 was published | Dec 9, 2024