Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,620
Maven
5,000+
npm
4,255
NuGet
760
pip
4,043
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults High
CVE-2025-54588 was published for github.com/envoyproxy/envoy (Go) Sep 15, 2025
agrawroh yanavlasov
phlax botengyao
Credited to agrawroh, yanavlasov, phlax, and botengyao
Pytorch use-after-free vulnerability High
CVE-2024-31583 was published for torch (pip) Apr 17, 2024
levpachmanov
Credited to levpachmanov
macroquad vulnerable to multiple soundness issues High
GHSA-gg76-hg3v-5q6c was published for macroquad (Rust) May 15, 2025
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability High
CVE-2024-38229 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 8, 2024
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Credited to fitzgen and cfallin
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
Credited to CastleQuirm, kw217, angusi, and bossmc
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs High
GHSA-mrxw-mxhj-p664 was published for nokogiri (RubyGems) Mar 14, 2025
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
Credited to another-rex
.NET Elevation of Privilege Vulnerability High
CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Apr 17, 2024
rbhanda
Credited to rbhanda
Boolector use after free High
CVE-2019-7560 was published for pyboolector (pip) May 14, 2022
Use after free in boosted trees creation High
CVE-2021-37652 was published for tensorflow (pip) Aug 25, 2021
Use after free in `DecodePng` kernel High
CVE-2022-23584 was published for tensorflow (pip) Feb 9, 2022
Use after free / memory leak in `CollectiveReduceV2` High
CVE-2021-41220 was published for tensorflow (pip) Nov 10, 2021
PyOpenSSL Use-After-Free vulnerability High
CVE-2018-1000807 was published for pyopenssl (pip) Oct 10, 2018
tdunlap607
Credited to tdunlap607
.NET Remote Code Execution Vulnerability High
CVE-2023-33128 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 14, 2023
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Luzenna
Credited to antonfirsov and Luzenna
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
Credited to rofoun and radekvit
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer High
CVE-2023-30549 was published for github.com/apptainer/apptainer (Go) Apr 25, 2023
DrDaveD
Credited to DrDaveD
Use after free in PaddlePaddle High
CVE-2023-38669 was published for paddlepaddle (pip) Jul 26, 2023
Nokogiri has vulnerable dependencies on libxml2 and libxslt High
CVE-2021-30560 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
espen mattyr
flavorjones staticintlucas thomasthaddeus BaerMitUmlaut dlackty
Credited to espen, mattyr, flavorjones, staticintlucas, thomasthaddeus, BaerMitUmlaut, and dlackty
Nokogiri Implements libxml2 version vulnerable to use-after-free High
CVE-2021-3518 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database