Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,704
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory Moderate
CVE-2024-27094 was published for @openzeppelin/contracts (npm) Feb 29, 2024
rholterhus
Credited to rholterhus
FeehiCMS fails to enforce server-side immutability Moderate
CVE-2025-63523 was published for feehi/feehicms (Composer) Dec 1, 2025
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read Moderate
CVE-2025-47914 was published for golang.org/x/crypto (Go) Nov 19, 2025
leonklingele
Credited to leonklingele
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 Moderate
CVE-2025-57697 was published for AstrBot (pip) Nov 7, 2025
ncurses exposes uninitialized memory in string reading functions Moderate
GHSA-x77x-7mmh-cxv3 was published for ncurses (Rust) Oct 22, 2025
webp crate may expose memory contents when encoding an image Moderate
GHSA-9q78-27f3-2jmh was published for webp (Rust) Aug 29, 2025
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute Moderate
CVE-2025-48072 was published for OpenEXR (pip) Jul 31, 2025
suidpit TheZ3ro
ndaprela smaury
Credited to suidpit, TheZ3ro, ndaprela, and smaury
OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers Moderate
CVE-2025-54070 was published for @openzeppelin/contracts (npm) Jul 17, 2025
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Credited to alexcrichton
xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. Moderate
GHSA-9cc5-2pq7-hfj8 was published for xmas-elf (Rust) Mar 26, 2025
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
Credited to iarspider
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Denial of service in geth Moderate
CVE-2020-26242 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Credited to levpachmanov
`ruzstd` uninit and out-of-bounds memory reads Moderate
GHSA-x3f4-45xf-rjm7 was published for ruzstd (Rust) Dec 2, 2024
PaddlePaddle segfault in paddle.mode Moderate
CVE-2023-38678 was published for PaddlePaddle (pip) Jan 3, 2024
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read Moderate
CVE-2018-16982 was published for opencc (npm) May 14, 2022
richardfan0606 DanBeard
Credited to richardfan0606 and DanBeard
Capstone SEGV caused by a read memory access Moderate
CVE-2016-7151 was published for capstone (pip) May 24, 2022
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime Moderate
CVE-2021-39218 was published for wasmtime (pip) Sep 20, 2021
cfallin fitzgen
Credited to cfallin and fitzgen
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Arbitrary memory read in `ImmutableConst` Moderate
CVE-2021-41227 was published for tensorflow (pip) Nov 10, 2021
Heap OOB in `SparseBinCount` Moderate
CVE-2021-41226 was published for tensorflow (pip) Nov 10, 2021
`SparseFillEmptyRows` heap OOB Moderate
CVE-2021-41224 was published for tensorflow (pip) Nov 10, 2021
Heap OOB in `FusedBatchNorm` kernels Moderate
CVE-2021-41223 was published for tensorflow (pip) Nov 10, 2021
Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops Moderate
CVE-2021-41205 was published for tensorflow (pip) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database