GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
74 advisories
Filter by severity
Aubio is vulnerable to out of bound read when samplerate > 50kHz
High
CVE-2018-14523
was published
for
aubio
(pip)
May 13, 2022
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
Read buffer overruns processing ASN.1 strings
High
CVE-2021-3712
was published
for
openssl-src
(Rust)
May 24, 2022
Out of bounds read in json-smart
High
CVE-2021-31684
was published
for
net.minidev:json-smart
(Maven)
Feb 10, 2022
Decompressors can crash the JVM and leak memory content in Aircompressor
High
CVE-2024-36114
was published
for
io.airlift:aircompressor
(Maven)
Jun 2, 2024
google.golang.org/protobuf vulnerable to panic leading to denial of service
High
CVE-2023-24535
was published
for
google.golang.org/protobuf
(Go)
Mar 14, 2023
Denial of Service in jsonparser
High
CVE-2020-35381
was published
for
github.com/buger/jsonparser
(Go)
May 25, 2022
dotmesh arbitrary file read and/or write
High
CVE-2020-26312
was published
for
github.com/dotmesh-io/dotmesh
(Go)
May 14, 2024
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service
High
CVE-2022-34037
was published
for
github.com/caddyserver/caddy
(Go)
Jul 23, 2022
•
withdrawn
Uncontrolled Resource Consumption in pillow
High
CVE-2021-23437
was published
for
pillow
(pip)
Sep 7, 2021
Markdown vulnerable to Out-of-bounds Read while parsing citations
High
CVE-2023-42821
was published
for
github.com/gomarkdown/markdown
(Go)
Sep 22, 2023
hson-java vulnerable to denial of service
High
CVE-2023-39685
was published
for
org.hjson:hjson
(Maven)
Sep 1, 2023
ChakraCore RCE Vulnerability
High
CVE-2018-8139
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
golang.org/x/text/language Out-of-bounds Read vulnerability
High
CVE-2021-38561
was published
for
golang.org/x/text
(Go)
Dec 26, 2022
Out of bounds write in grappler in Tensorflow
High
CVE-2022-41902
was published
for
tensorflow
(pip)
Nov 21, 2022
Denial of service or RCE from libxml2 and libxslt
High
CVE-2015-8806
was published
for
nokogiri
(RubyGems)
Sep 17, 2018
ProTip!
Advisories are also available from the
GraphQL API