GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,029
Maven
5,000+
npm
3,731
NuGet
662
pip
3,408
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5...
Critical
Unreviewed
CVE-2021-42911
was published
Mar 30, 2022
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker...
Critical
Unreviewed
CVE-2022-26674
was published
Apr 23, 2022
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and...
Critical
Unreviewed
CVE-2021-20307
was published
May 24, 2022
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as...
Critical
Unreviewed
CVE-2017-12588
was published
May 17, 2022
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
Critical
Unreviewed
CVE-2016-5074
was published
May 17, 2022
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue...
Critical
Unreviewed
CVE-2015-7271
was published
May 17, 2022
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the...
Critical
Unreviewed
CVE-2020-36619
was published
Dec 19, 2022
A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the...
Critical
Unreviewed
CVE-2020-36643
was published
Jan 6, 2023
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the...
Critical
Unreviewed
CVE-2022-4639
was published
Dec 22, 2022
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash)...
Critical
Unreviewed
CVE-2020-27853
was published
May 24, 2022
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could...
Critical
Unreviewed
CVE-2022-34747
was published
Sep 7, 2022
A format string injection vulnerability exists in the ghome_process_control_packet functionality...
Critical
Unreviewed
CVE-2022-33938
was published
Oct 25, 2022
A format string injection vulnerability exists in the XCMD getVarHA functionality of abode...
Critical
Unreviewed
CVE-2022-35244
was published
Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode...
Critical
Unreviewed
CVE-2022-35877
was published
Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode...
Critical
Unreviewed
CVE-2022-35874
was published
Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode...
Critical
Unreviewed
CVE-2022-35876
was published
Oct 25, 2022
Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode...
Critical
Unreviewed
CVE-2022-35875
was published
Oct 25, 2022
Remote Code Execution in Apache Dubbo
Critical
CVE-2021-36161
was published
for
org.apache.dubbo:dubbo
(Maven)
Sep 10, 2021
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical
Unreviewed
CVE-2017-17407
was published
May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations...
Critical
Unreviewed
CVE-2017-16608
was published
May 13, 2022
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input...
Critical
Unreviewed
CVE-2017-10685
was published
May 13, 2022
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized...
Critical
Unreviewed
CVE-2018-1352
was published
May 14, 2022
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a...
Critical
Unreviewed
CVE-2017-0898
was published
May 14, 2022
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX...
Critical
Unreviewed
CVE-2019-6840
was published
May 24, 2022
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in...
Critical
Unreviewed
CVE-2018-7544
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API