GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,740
Composer 4,239
Erlang 31
GitHub Actions 21
Go 2,007
Maven 5,196
npm 3,716
NuGet 662
pip 3,388
Pub 11
RubyGems 885
Rust 851
Swift 36

Unreviewed advisories

All unreviewed 235,921

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

116 advisories

Filter by severity

Sort by

Least recently updated

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially... Moderate Unreviewed

CVE-2023-20523 was published Jan 11, 2023

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a... Moderate Unreviewed

CVE-2021-46795 was published Jan 11, 2023

In isp, there is a possible out of bounds write due to a race condition. This could lead to local... Moderate Unreviewed

CVE-2022-32638 was published Jan 3, 2023

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after... Moderate Unreviewed

CVE-2022-30773 was published Nov 15, 2022

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe... Moderate Unreviewed

CVE-2022-32266 was published Nov 15, 2022

DMA transactions which are targeted at input buffers used for the software SMI handler used by... Moderate Unreviewed

CVE-2022-33907 was published Nov 15, 2022

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead... Moderate Unreviewed

CVE-2022-33982 was published Nov 15, 2022

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software... Moderate Unreviewed

CVE-2022-32267 was published Nov 15, 2022

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could... Moderate Unreviewed

CVE-2022-33986 was published Nov 15, 2022

Update description and links DMA transactions which are targeted at input buffers used for the... Moderate Unreviewed

CVE-2022-31243 was published Nov 15, 2022

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI... Moderate Unreviewed

CVE-2022-33906 was published Nov 15, 2022

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after... Moderate Unreviewed

CVE-2022-30774 was published Nov 15, 2022

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may... Moderate Unreviewed

CVE-2022-21198 was published Nov 11, 2022

In jpeg, there is a possible use after free due to a race condition. This could lead to local... Moderate Unreviewed

CVE-2022-32608 was published Nov 9, 2022

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd... Moderate Unreviewed

CVE-2022-22220 was published Oct 18, 2022

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon ... Moderate Unreviewed

CVE-2022-22225 was published Oct 18, 2022

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd... Moderate Unreviewed

CVE-2022-29800 was published Sep 22, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race... Moderate Unreviewed

CVE-2022-1974 was published Sep 1, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to... Moderate Unreviewed

CVE-2021-35937 was published Aug 26, 2022

A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow... Moderate Unreviewed

CVE-2022-33691 was published Jul 13, 2022

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a... Moderate Unreviewed

CVE-2021-33097 was published May 24, 2022

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE)... Moderate Unreviewed

CVE-2021-0289 was published May 24, 2022

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for... Moderate Unreviewed

CVE-2021-1567 was published May 24, 2022

This vulnerability allows local attackers to disclose sensitive information on affected... Moderate Unreviewed

CVE-2021-31427 was published May 24, 2022

Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in... Moderate Unreviewed

CVE-2020-11230 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

116 advisories