GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,162
Erlang
30
GitHub Actions
19
Go
1,966
Maven
5,000+
npm
3,694
NuGet
653
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Pillow Integer overflow in ImagingResampleHorizontal
Critical
CVE-2016-4009
was published
for
pillow
(pip)
Jul 24, 2018
Dulwich Buffer Overflow when handling pack files
Critical
CVE-2015-0838
was published
for
dulwich
(pip)
May 17, 2022
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
aubio Buffer Overflow vulnerability
Critical
CVE-2018-19800
was published
for
aubio
(pip)
Jul 26, 2019
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Critical
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Vyper's bounds check on built-in `slice()` function can be overflowed
Critical
CVE-2024-24561
was published
for
vyper
(pip)
Feb 1, 2024
Nokogiri does not forbid namespace nodes in XPointer ranges
Critical
CVE-2016-4658
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
ChakraCore RCE Vulnerability
Critical
CVE-2017-0252
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore RCE Vulnerability
Critical
CVE-2017-0223
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore RCE Vulnerability
Critical
CVE-2017-8658
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore vulnerable to privilege escalation
Critical
CVE-2017-11767
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
Heap Based Buffer Overflow in libyaml
Critical
CVE-2013-6393
was published
for
libyaml
(npm)
Aug 31, 2020
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Critical
CVE-2021-45709
was published
for
crypto2
(Rust)
Jan 6, 2022
Heap overflow or corruption in safe-transmute
Critical
CVE-2018-21000
was published
for
safe-transmute
(Rust)
Aug 25, 2021
Memory corruption slice-deque
Critical
CVE-2018-20995
was published
for
slice-deque
(Rust)
Aug 25, 2021
Buffer overflow and format vulnerabilities in ncurses
Critical
CVE-2019-15548
was published
for
ncurses
(Rust)
Aug 25, 2021
Drop of uninitialized memory in Ozone
Critical
CVE-2020-35878
was published
for
ozone
(Rust)
Aug 25, 2021
nb-connect invalidly assumes the memory layout of std::net::SocketAddr
Critical
CVE-2021-27376
was published
for
nb-connect
(Rust)
Aug 25, 2021
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
Out of bounds write in nalgebra
Critical
CVE-2021-38190
was published
for
nalgebra
(Rust)
Aug 25, 2021
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
Critical
CVE-2020-14967
was published
for
jsrsasign
(npm)
Jun 26, 2020
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Critical
CVE-2020-14968
was published
for
jsrsasign
(npm)
Jun 26, 2020
ProTip!
Advisories are also available from the
GraphQL API