GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
319 advisories
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading...
Critical | Unreviewed | CVE-2021-24036 was published May 24, 2022

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary...
Critical | Unreviewed | CVE-2021-35942 was published May 24, 2022

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote...
Critical | Unreviewed | CVE-2020-22875 was published May 24, 2022

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote...
Critical | Unreviewed | CVE-2020-22874 was published May 24, 2022

Integer overflow vulnerability in payable function of a smart contract implementation for an...
Critical | Unreviewed | CVE-2020-17752 was published May 24, 2022

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc,...
Critical | Unreviewed | CVE-2021-26461 was published May 24, 2022

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality...
Critical | Unreviewed | CVE-2021-21795 was published May 24, 2022

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a...
Critical | Unreviewed | CVE-2017-20005 was published May 24, 2022

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4...
Critical | Unreviewed | CVE-2021-3520 was published May 24, 2022

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4...
Critical | Unreviewed | CVE-2021-3402 was published May 24, 2022

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer...
Critical | Unreviewed | CVE-2020-35198 was published May 24, 2022

Memory corruption while processing crafted SDES packets due to improper length check in sdes...
Critical | Unreviewed | CVE-2020-11279 was published May 24, 2022

The affected product is vulnerable to an integer overflow while processing HTTP headers, which...
Critical | Unreviewed | CVE-2021-22679 was published May 24, 2022

Multiple integer overflow issues exist while processing long domain names, which may allow an...
Critical | Unreviewed | CVE-2021-22671 was published May 24, 2022

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e...
Critical | Unreviewed | CVE-2020-28017 was published May 24, 2022

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote...
Critical | Unreviewed | CVE-2020-28020 was published May 24, 2022

An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in...
Critical | Unreviewed | CVE-2021-31873 was published May 24, 2022

An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio...
Critical | Unreviewed | CVE-2021-31872 was published May 24, 2022

An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result...
Critical | Unreviewed | CVE-2021-31870 was published May 24, 2022

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8...
Critical | Unreviewed | CVE-2021-25216 was published May 24, 2022

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
Critical | Unreviewed | CVE-2019-25038 was published May 24, 2022

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
Critical | Unreviewed | CVE-2019-25039 was published May 24, 2022

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
Critical | Unreviewed | CVE-2019-25032 was published May 24, 2022

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an...
Critical | Unreviewed | CVE-2019-25034 was published May 24, 2022

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
Critical | Unreviewed | CVE-2019-25033 was published May 24, 2022