GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
300 advisories
Filter by severity
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local...
High
Unreviewed
CVE-2012-0809
was published
May 14, 2022
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record...
High
Unreviewed
CVE-2012-2369
was published
May 14, 2022
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data...
Critical
Unreviewed
CVE-2018-5704
was published
May 14, 2022
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an...
Critical
Unreviewed
CVE-2018-6317
was published
May 14, 2022
Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module...
Moderate
Unreviewed
CVE-2017-17132
was published
May 14, 2022
** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in...
Critical
Unreviewed
CVE-2018-7544
was published
May 14, 2022
The ABB IDAL FTP server mishandles format strings in a username during the authentication process...
High
Unreviewed
CVE-2019-7230
was published
May 24, 2022
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An...
High
Unreviewed
CVE-2022-26393
was published
Sep 10, 2022
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32)...
Moderate
Unreviewed
CVE-2022-26392
was published
Sep 10, 2022
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the...
High
Unreviewed
CVE-2019-7228
was published
May 24, 2022
A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX...
Critical
Unreviewed
CVE-2019-6840
was published
May 24, 2022
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a...
Critical
Unreviewed
CVE-2017-0898
was published
May 14, 2022
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7...
High
Unreviewed
CVE-2010-1550
was published
May 14, 2022
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute...
High
Unreviewed
CVE-2008-5982
was published
May 14, 2022
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games,...
High
Unreviewed
CVE-2008-6441
was published
May 14, 2022
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in...
Moderate
Unreviewed
CVE-2008-5660
was published
May 14, 2022
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC...
Moderate
Unreviewed
CVE-2013-3560
was published
May 14, 2022
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple...
High
Unreviewed
CVE-2013-5135
was published
May 14, 2022
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute...
High
Unreviewed
CVE-2012-0646
was published
May 14, 2022
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash....
High
Unreviewed
CVE-2017-15191
was published
May 14, 2022
A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized...
Critical
Unreviewed
CVE-2018-1352
was published
May 14, 2022
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a...
High
Unreviewed
CVE-2016-4864
was published
May 14, 2022
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of...
High
Unreviewed
CVE-2018-5207
was published
May 14, 2022
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
High
Unreviewed
CVE-2018-5205
was published
May 14, 2022
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5...
High
Unreviewed
CVE-2019-7715
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API