GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Buffer Copy without Checking Size of Input in Pillow
Critical
CVE-2020-5311
was published
for
pillow
(pip)
May 24, 2022
PCX P mode buffer overflow in Pillow
Critical
CVE-2020-5312
was published
for
Pillow
(pip)
Nov 3, 2021
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
StringIO buffer overread vulnerability
Critical
CVE-2024-27280
was published
for
stringio
(RubyGems)
Mar 25, 2024
SM2 Decryption Buffer Overflow
Critical
CVE-2021-3711
was published
for
openssl-src
(Rust)
May 24, 2022
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
memory overflow vulnerability in OpenEXR-viewer
Critical
CVE-2023-50245
was published
for
afichet/openexr-viewer
(GitHub Actions)
Dec 12, 2023
hutool Buffer Overflow vulnerability
Critical
CVE-2023-42276
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
hutool Buffer Overflow vulnerability
Critical
CVE-2023-42277
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
X.509 Email Address 4-byte Buffer Overflow
Critical
CVE-2022-3602
was published
for
openssl-src
(Rust)
Nov 1, 2022
Buffer Overflow in galois_2p8
Critical
CVE-2022-24988
was published
for
galois_2p8
(Rust)
Feb 15, 2022
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Critical
CVE-2021-37404
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Jun 14, 2022
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Critical
CVE-2020-35887
was published
for
arr
(Rust)
Aug 25, 2021
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
Critical
CVE-2023-26109
was published
for
node-bluetooth-serial-port
(npm)
Mar 9, 2023
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Critical
CVE-2023-26110
was published
for
node-bluetooth
(npm)
Mar 9, 2023
ProTip!
Advisories are also available from the
GraphQL API