Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

197 advisories

Loading
ImageMagick CLAHE : Unsigned underflow and division-by-zero lead to OOB pointer arithmetic and process crash (DoS) Moderate
CVE-2025-62594 was published for Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) Oct 27, 2025
amethyst0225 jin-156
hanbunny yosiimich
Credited to amethyst0225, jin-156, hanbunny, and yosiimich
ChakraCore RCE Vulnerability High
CVE-2016-7200 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
ChakraCore RCE Vulnerability High
CVE-2016-7201 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
SPDK is vulnerable to buffer overflow in the NVMe-oF target component Moderate
CVE-2025-57275 was published for spdk (pip) Oct 1, 2025
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices Low
GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) Oct 21, 2025
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
Lift Sensitive Information Disclosure Moderate
CVE-2013-3300 was published for net.liftweb:lift-webkit (Maven) May 17, 2022
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check Moderate
CVE-2025-55159 was published for slab (Rust) Aug 11, 2025
mox692
Credited to mox692
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones
Credited to flavorjones
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow Low
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 withdrawn
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile` Moderate
GHSA-9ghp-w2hm-vfpf was published for wasmtime-jit-debug (Rust) Jun 17, 2025
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
tanton_engine has unsound public API Moderate
GHSA-m2xr-2vj4-wh94 was published for tanton_engine (Rust) May 6, 2025
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Credited to alexcrichton
Panic in mp3-metadata due to the lack of bounds checking Moderate
GHSA-927q-g9w9-pm54 was published for mp3-metadata (Rust) Apr 30, 2025
jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2025-3588 was published for org.jsonschema2pojo:jsonschema2pojo-core (Maven) Apr 14, 2025
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service High
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
anonymous-nlp-student
Credited to anonymous-nlp-student
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec
Credited to minaminao-osec
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
Credited to zobront and kuroi8
Vyper's external calls can overflow return data to return input buffer Low
CVE-2024-24560 was published for vyper (pip) Feb 2, 2024
zobront
Credited to zobront
Buffer Overflow in vyper High
CVE-2022-24788 was published for vyper (pip) Apr 20, 2022
Memory corruption when returning a literal struct with a private call inside of it High
CVE-2021-41121 was published for vyper (pip) Oct 12, 2021
tlslite remote denial of service vulnerability High
CVE-2015-3220 was published for tlslite (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database