Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user... High Unreviewed
CVE-2022-48191 was published Jan 20, 2023
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the... Moderate Unreviewed
CVE-2023-22397 was published Jan 13, 2023
TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially... Moderate Unreviewed
CVE-2023-20523 was published Jan 11, 2023
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a... Moderate Unreviewed
CVE-2021-46795 was published Jan 11, 2023
Memory corruption in Multimedia Framework due to unsafe access to the data members High Unreviewed
CVE-2022-25716 was published Jan 9, 2023
In isp, there is a possible out of bounds write due to a race condition. This could lead to local... Moderate Unreviewed
CVE-2022-32638 was published Jan 3, 2023
A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused... High Unreviewed
CVE-2022-22753 was published Dec 22, 2022
When installing an add-on, Firefox verified the signature before prompting the user; but while... High Unreviewed
CVE-2022-26387 was published Dec 22, 2022
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID... High Unreviewed
CVE-2022-44670 was published Dec 13, 2022
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service... High Unreviewed
CVE-2022-44651 was published Dec 12, 2022
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022... High Unreviewed
CVE-2022-39908 was published Dec 8, 2022
Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on WordPress allows attackers to... Low Unreviewed
CVE-2022-45842 was published Nov 30, 2022
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged... High Unreviewed
CVE-2022-34830 was published Nov 23, 2022
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB... High Unreviewed
CVE-2022-30283 was published Nov 16, 2022
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after... Moderate Unreviewed
CVE-2022-30773 was published Nov 15, 2022
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe... Moderate Unreviewed
CVE-2022-32266 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the software SMI handler used by... Moderate Unreviewed
CVE-2022-33907 was published Nov 15, 2022
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead... Moderate Unreviewed
CVE-2022-33982 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe... High Unreviewed
CVE-2022-34325 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software... Moderate Unreviewed
CVE-2022-32267 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI... High Unreviewed
CVE-2022-33983 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI... High Unreviewed
CVE-2022-33908 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the HddPassword software SMI... High Unreviewed
CVE-2022-33909 was published Nov 15, 2022
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler... High Unreviewed
CVE-2022-33905 was published Nov 15, 2022
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could... Moderate Unreviewed
CVE-2022-33986 was published Nov 15, 2022
ProTip! Advisories are also available from the GraphQL API