Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Integer overflow in base64 Critical
CVE-2017-1000430 was published for base64 (Rust) Aug 25, 2021
Uninitialized memory access in outer_cgi Critical
CVE-2021-30454 was published for outer_cgi (Rust) Aug 25, 2021
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign Critical
CVE-2020-14968 was published for jsrsasign (npm) Jun 26, 2020
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign Critical
CVE-2020-14967 was published for jsrsasign (npm) Jun 26, 2020
Out of bounds write in nalgebra Critical
CVE-2021-38190 was published for nalgebra (Rust) Aug 25, 2021
Deserializing an array can free uninitialized memory in byte_struct Critical
CVE-2021-28033 was published for byte_struct (Rust) Aug 25, 2021
tdunlap607
nb-connect invalidly assumes the memory layout of std::net::SocketAddr Critical
CVE-2021-27376 was published for nb-connect (Rust) Aug 25, 2021
Drop of uninitialized memory in Ozone Critical
CVE-2020-35878 was published for ozone (Rust) Aug 25, 2021
Buffer overflow and format vulnerabilities in ncurses Critical
CVE-2019-15548 was published for ncurses (Rust) Aug 25, 2021
Out of bounds read in Ozone Critical
CVE-2020-35877 was published for ozone (Rust) Aug 25, 2021
Out of bounds access in rgb Critical
CVE-2020-25016 was published for rgb (Rust) Aug 25, 2021
Memory corruption slice-deque Critical
CVE-2018-20995 was published for slice-deque (Rust) Aug 25, 2021
Heap overflow or corruption in safe-transmute Critical
CVE-2018-21000 was published for safe-transmute (Rust) Aug 25, 2021
tdunlap607
Use of a Broken or Risky Cryptographic Algorithm in crypto2 Critical
CVE-2021-45709 was published for crypto2 (Rust) Jan 6, 2022
Heap Based Buffer Overflow in libyaml Critical
CVE-2013-6393 was published for libyaml (npm) Aug 31, 2020
ChakraCore vulnerable to privilege escalation Critical
CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-8658 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0223 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore RCE Vulnerability Critical
CVE-2017-0252 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Nokogiri does not forbid namespace nodes in XPointer ranges Critical
CVE-2016-4658 was published for nokogiri (RubyGems) Aug 21, 2018
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service Critical
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
Dulwich Buffer Overflow when handling pack files Critical
CVE-2015-0838 was published for dulwich (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database