GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Critical
CVE-2020-35888
was published
for
arr
(Rust)
Aug 25, 2021
Use of Uninitialized Resource in binjs_io.
Critical
CVE-2021-45683
was published
for
binjs_io
(Rust)
Jan 6, 2022
Use of Uninitialized Resource in acc_reader.
Critical
CVE-2020-36513
was published
for
acc_reader
(Rust)
Jan 6, 2022
Use of Uninitialized Resource in bite.
High
CVE-2020-36511
was published
for
bite
(Rust)
Jan 6, 2022
Use of Uninitialized Resource in acc_reader.
Critical
CVE-2020-36514
was published
for
acc_reader
(Rust)
Jan 6, 2022
Use of Uninitialized Resource in ash.
Critical
CVE-2021-45688
was published
for
ash
(Rust)
Jan 6, 2022
Uninitialized read in Nokogiri gem
High
CVE-2019-13117
was published
for
nokogiri
(RubyGems)
May 24, 2022
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service...
Moderate
Unreviewed
CVE-2021-40608
was published
Jun 29, 2022
Use of Uninitialized Variable in trilogy
Moderate
CVE-2022-31026
was published
for
trilogy
(RubyGems)
Jun 6, 2022
Read of uninitialized memory in cdr
Critical
CVE-2021-26305
was published
for
cdr
(Rust)
Aug 25, 2021
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in...
Moderate
Unreviewed
CVE-2019-11833
was published
May 24, 2022
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote...
High
Unreviewed
CVE-2015-8390
was published
May 17, 2022
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before...
High
Unreviewed
CVE-2023-22281
was published
Feb 1, 2023
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to...
Moderate
Unreviewed
CVE-2019-13751
was published
May 24, 2022
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows...
Low
Unreviewed
CVE-2020-10732
was published
May 24, 2022
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4...
High
Unreviewed
CVE-2015-5165
was published
May 13, 2022
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
High
Unreviewed
CVE-2022-47012
was published
Jan 20, 2023
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to...
High
Unreviewed
CVE-2022-0115
was published
Feb 13, 2022
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to...
Moderate
Unreviewed
CVE-2021-39671
was published
Feb 12, 2022
Free of uninitialized memory in telemetry
Critical
CVE-2021-29937
was published
for
telemetry
(Rust)
Aug 25, 2021
Uninitialized variable access in Tensorflow
High
CVE-2022-23573
was published
for
tensorflow
(pip)
Feb 9, 2022
In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to...
Moderate
Unreviewed
CVE-2021-39680
was published
Jan 15, 2022
In seninf driver, there is a possible information disclosure due to uninitialized data. This...
Moderate
Unreviewed
CVE-2022-20018
was published
Jan 5, 2022
ProTip!
Advisories are also available from the
GraphQL API