Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
X.509 Email Address 4-byte Buffer Overflow Critical
CVE-2022-3602 was published for openssl-src (Rust) Nov 1, 2022
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 Critical
CVE-2023-26489 was published for cranelift-codegen (Rust) Mar 9, 2023
alexcrichton
Credited to alexcrichton
Eclipse Parsson stack overflow when parsing deeply nested input Critical
CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024
Out of bounds access in tensorflow-lite Critical
CVE-2020-15212 was published for tensorflow (pip) Sep 25, 2020
Out of bounds write in tensorflow-lite Critical
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020
Out of bounds write in Pillow Critical
CVE-2021-25289 was published for pillow (pip) Mar 29, 2021
sunSUNQ
Credited to sunSUNQ
py-lmdb Invalid write operation Critical
CVE-2019-16225 was published for lmdb (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16224 was published for lmdb (pip) May 24, 2022
py-lmdb Invalid write operation Critical
CVE-2019-16227 was published for lmdb (pip) May 24, 2022
LZ4 vulnerable to Out-of-bounds Write Critical
CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022
Heap-based buffer overflow in ZBar Critical
CVE-2023-40889 was published for zbar (pip) Aug 29, 2023
Apache Commons BCEL vulnerable to out-of-bounds write Critical
CVE-2022-42920 was published for org.apache.bcel:bcel (Maven) Nov 7, 2022
hyavijava stack overflow vulnerability Critical
CVE-2023-51084 was published for com.github:hyavijava (Maven) Dec 27, 2023
Out of bounds access in lucet-runtime-internals Critical
CVE-2020-35859 was published for lucet-runtime-internals (Rust) Aug 25, 2021
ChakraCore RCE Vulnerability Critical
CVE-2018-8500 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Out-of-bounds write in stack Critical
CVE-2020-35895 was published for stack (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Credited to tdunlap607
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 Critical
CVE-2021-37404 was published for org.apache.hadoop:hadoop-common (Maven) Jun 14, 2022
Memory corruption in smallvec Critical
CVE-2019-15554 was published for smallvec (Rust) Aug 25, 2021
Out of bounds write in slice-deque Critical
CVE-2019-15543 was published for slice-deque (Rust) Aug 25, 2021
Out of bounds write in prost Critical
CVE-2020-35858 was published for prost (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
openssl-src heap memory corruption with RSA private key operation Critical
CVE-2022-2274 was published for openssl-src (Rust) Jul 2, 2022
sugar700
Credited to sugar700
Out of bounds access in compact_arena Critical
CVE-2019-16139 was published for compact_arena (Rust) Aug 25, 2021
Out-of-bounds Write in actix-web Critical
CVE-2018-25026 was published for actix-web (Rust) Jan 6, 2022
Out-of-bounds Write in actix-web Critical
CVE-2018-25025 was published for actix-web (Rust) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database