GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Denial of Service in https-proxy-agent
Critical
CVE-2018-3739
was published
for
https-proxy-agent
(npm)
Jul 27, 2018
Improper Input Validation and Buffer Over-read in mqtt-packet
High
CVE-2019-5432
was published
for
mqtt-packet
(npm)
May 14, 2019
Out-of-bounds Read in concat-with-sourcemaps
Moderate
GHSA-2xv3-h762-ccxv
was published
for
concat-with-sourcemaps
(npm)
May 29, 2019
Out-of-bounds Read in base64-url
High
GHSA-j4mr-9xw3-c9jx
was published
for
base64-url
(npm)
May 31, 2019
Out-of-bounds Read in npmconf
Moderate
GHSA-57cf-349j-352g
was published
for
npmconf
(npm)
Jun 12, 2019
Out-of-bounds Read in stringstream
Moderate
CVE-2018-21270
was published
for
stringstream
(npm)
Jun 20, 2019
Out-of-bounds Read in base64url
Moderate
GHSA-rvg8-pwq2-xj7q
was published
for
base64url
(npm)
Sep 1, 2020
Out-of-Bounds read in stringstream
Moderate
GHSA-qpw2-xchm-655q
was published
for
stringstream
(npm)
Jan 6, 2022
•
withdrawn
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Moderate
CVE-2018-16982
was published
for
OpenCC
(npm)
May 14, 2022
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes
High
CVE-2020-1912
was published
for
hermes-engine
(npm)
May 24, 2022
Out-of-bounds Read in Facebook Hermes
High
CVE-2020-1915
was published
for
hermes-engine
(npm)
May 24, 2022
Out-of-bounds Read in fast-string-search
Moderate
CVE-2022-25872
was published
for
fast-string-search
(npm)
Jun 18, 2022
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Low
CVE-2024-27094
was published
for
@openzeppelin/contracts
(npm)
Feb 29, 2024
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
ProTip!
Advisories are also available from the
GraphQL API