GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
actionmailer email address processing causes Denial of service
Moderate
CVE-2013-4389
was published
for
actionmailer
(RubyGems)
Oct 24, 2017
gtk2 vulnerable to Use of Externally-Controlled Format String
Moderate
CVE-2007-6183
was published
for
gtk2
(RubyGems)
Oct 24, 2017
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
Mishandling of format strings in rusqlite
Critical
CVE-2020-35869
was published
for
rusqlite
(Rust)
Aug 25, 2021
Format string vulnerabilities in pancurses
High
CVE-2019-15546
was published
for
pancurses
(Rust)
Aug 25, 2021
Mishandling of format strings in ncurses
High
CVE-2019-15547
was published
for
ncurses
(Rust)
Aug 25, 2021
Remote Code Execution in Apache Dubbo
Critical
CVE-2021-36161
was published
for
org.apache.dubbo:dubbo
(Maven)
Sep 10, 2021
Use of Externally-Controlled Format String in wire-avs
High
CVE-2021-41193
was published
for
com.wire:avs
(Maven)
Mar 1, 2022
Use of Externally-Controlled Format String in consoleme
Critical
CVE-2022-27177
was published
for
consoleme
(pip)
Apr 3, 2022
Apache log4net format string vulnerability causes DoS
Moderate
CVE-2006-0743
was published
for
log4net
(NuGet)
May 1, 2022
Pivotal RabbitMQ is vulnerable to a denial of service attack
High
CVE-2019-11287
was published
for
RabbitMQ
(Erlang)
May 24, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
TiDB vulnerable to Use of Externally-Controlled Format String
Critical
CVE-2022-3023
was published
for
github.com/pingcap/tidb
(Go)
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API