Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
typed-ast Out-of-bounds Read High
CVE-2019-19274 was published for typed-ast (pip) Dec 2, 2019
fritzdal
Aubio is vulnerable to out of bound read when samplerate > 50kHz High
CVE-2018-14523 was published for aubio (pip) May 13, 2022
Heap OOB read in TFLite High
CVE-2021-29606 was published for tensorflow (pip) May 21, 2021
node-stringbuilder vulnerable to Out-of-bounds Read High
CVE-2024-21524 was published for node-stringbuilder (npm) Jul 10, 2024
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
google.golang.org/protobuf vulnerable to panic leading to denial of service High
CVE-2023-24535 was published for google.golang.org/protobuf (Go) Mar 14, 2023
Denial of Service in jsonparser High
CVE-2020-35381 was published for github.com/buger/jsonparser (Go) May 25, 2022
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service High
CVE-2022-34037 was published for github.com/caddyserver/caddy (Go) Jul 23, 2022 withdrawn
Uncontrolled Resource Consumption in pillow High
CVE-2021-23437 was published for pillow (pip) Sep 7, 2021
Out of bounds read in Pillow High
CVE-2021-25293 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Out of bounds read in Pillow High
CVE-2021-25291 was published for Pillow (pip) Mar 29, 2021
tdunlap607 sunSUNQ
Markdown vulnerable to Out-of-bounds Read while parsing citations High
CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) Sep 22, 2023
NSEcho
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
ChakraCore RCE Vulnerability High
CVE-2018-8139 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
golang.org/x/text/language Out-of-bounds Read vulnerability High
CVE-2021-38561 was published for golang.org/x/text (Go) Dec 26, 2022
Out of bounds write in grappler in Tensorflow High
CVE-2022-41902 was published for tensorflow (pip) Nov 21, 2022
w0j73k
typed-ast Out-of-bounds Read High
CVE-2019-19275 was published for typed-ast (pip) Dec 2, 2019
Out-of-bounds Read in Pillow High
CVE-2020-5313 was published for Pillow (pip) Apr 1, 2020
Pillow Out-of-bounds Read High
CVE-2020-35653 was published for Pillow (pip) Mar 18, 2021
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
Out of bounds read in simd-json High
CVE-2019-15550 was published for simd-json (Rust) Aug 25, 2021
Out of bounds read in ordnung High
CVE-2020-35890 was published for ordnung (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API