GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

160 advisories

typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Asterix Heap-based Buffer Overflow Critical
CVE-2021-44144 was published for asterix_decoder (pip) May 24, 2022
Aubio is vulnerable to out of bound read when samplerate > 50kHz High
CVE-2018-14523 was published for aubio (pip) May 13, 2022
Heap OOB in TFLite's `Gather*` implementations Moderate
CVE-2021-37687 was published for tensorflow (pip) Aug 25, 2021
Heap OOB in TFLite Moderate
CVE-2021-37685 was published for tensorflow (pip) Aug 25, 2021
Heap OOB read in TFLite High
CVE-2021-29606 was published for tensorflow (pip) May 21, 2021
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum` Low
CVE-2021-29590 was published for tensorflow (pip) May 21, 2021
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory. Moderate
CVE-2018-21233 was published for tensorflow (pip) May 13, 2020
Out of bounds access in tensorflow-lite Moderate
CVE-2020-15211 was published for tensorflow (pip) Sep 25, 2020
node-stringbuilder vulnerable to Out-of-bounds Read High
CVE-2024-21524 was published for node-stringbuilder (npm) Jul 10, 2024
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash Moderate
CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) Jun 4, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
google.golang.org/protobuf vulnerable to panic leading to denial of service High
CVE-2023-24535 was published for google.golang.org/protobuf (Go) Mar 14, 2023
Denial of Service in jsonparser High
CVE-2020-35381 was published for github.com/buger/jsonparser (Go) May 25, 2022
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service High
CVE-2022-34037 was published for github.com/caddyserver/caddy (Go) Jul 23, 2022 withdrawn
Mercurial Out-of-bounds Read vulnerability Critical
CVE-2018-17983 was published for mercurial (pip) May 14, 2022
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
Uncontrolled Resource Consumption in pillow High
CVE-2021-23437 was published for pillow (pip) Sep 7, 2021
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching Critical
CVE-2020-26269 was published for tensorflow (pip) Oct 7, 2022