Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Mishandling of format strings in rusqlite Critical
CVE-2020-35869 was published for rusqlite (Rust) Aug 25, 2021
Remote Code Execution in Apache Dubbo Critical
CVE-2021-36161 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5... Critical Unreviewed
CVE-2021-42911 was published Mar 30, 2022
Use of Externally-Controlled Format String in consoleme Critical
CVE-2022-27177 was published for consoleme (pip) Apr 3, 2022
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker... Critical Unreviewed
CVE-2022-26674 was published Apr 23, 2022
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact... Critical Unreviewed
CVE-2016-4448 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-17407 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... Critical Unreviewed
CVE-2017-16608 was published May 13, 2022
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input... Critical Unreviewed
CVE-2017-10685 was published May 13, 2022
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized... Critical Unreviewed
CVE-2018-1352 was published May 14, 2022
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a... Critical Unreviewed
CVE-2017-0898 was published May 14, 2022
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in... Critical Unreviewed
CVE-2018-7544 was published May 14, 2022
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an... Critical Unreviewed
CVE-2018-6317 was published May 14, 2022
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data... Critical Unreviewed
CVE-2018-5704 was published May 14, 2022
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP... Critical Unreviewed
CVE-2015-8617 was published May 17, 2022
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as... Critical Unreviewed
CVE-2017-12588 was published May 17, 2022
CloudView NMS before 2.10a has a format string issue exploitable over SNMP. Critical Unreviewed
CVE-2016-5074 was published May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue... Critical Unreviewed
CVE-2015-7271 was published May 17, 2022
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an... Critical Unreviewed
CVE-2019-12297 was published May 24, 2022
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX... Critical Unreviewed
CVE-2019-6840 was published May 24, 2022
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash)... Critical Unreviewed
CVE-2020-27853 was published May 24, 2022
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and... Critical Unreviewed
CVE-2021-20307 was published May 24, 2022
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could... Critical Unreviewed
CVE-2022-34747 was published Sep 7, 2022
A format string injection vulnerability exists in the ghome_process_control_packet functionality... Critical Unreviewed
CVE-2022-33938 was published Oct 25, 2022
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode... Critical Unreviewed
CVE-2022-35244 was published Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database