Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function... Critical Unreviewed
CVE-2024-35325 was published Jun 13, 2024
A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The... Critical Unreviewed
CVE-2024-23809 was published Feb 20, 2024
A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig... Critical Unreviewed
CVE-2024-22097 was published Feb 20, 2024
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free,... Critical Unreviewed
CVE-2023-49937 was published Dec 14, 2023
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and... Critical Unreviewed
CVE-2023-35784 was published Jun 16, 2023
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. Critical Unreviewed
CVE-2022-40515 was published Mar 10, 2023
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules... Critical Unreviewed
CVE-2021-33304 was published Feb 16, 2023
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms... Critical Unreviewed
CVE-2023-25136 was published Feb 3, 2023
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a... Critical Unreviewed
CVE-2022-42915 was published Oct 30, 2022
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This... Critical Unreviewed
CVE-2022-0699 was published Oct 17, 2022
Double free vulnerability in the storage module. Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2022-39002 was published Sep 17, 2022
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto,... Critical Unreviewed
CVE-2022-25668 was published Sep 3, 2022
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of... Critical Unreviewed
CVE-2022-23459 was published Aug 20, 2022
A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation... Critical Unreviewed
CVE-2020-27794 was published Aug 20, 2022
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms... Critical Unreviewed
CVE-2022-22086 was published Jun 15, 2022
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Critical Unreviewed
CVE-2019-5481 was published May 24, 2022
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances... Critical Unreviewed
CVE-2021-22945 was published May 24, 2022
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from... Critical Unreviewed
CVE-2021-36088 was published May 24, 2022
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in... Critical Unreviewed
CVE-2021-34184 was published May 24, 2022
Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon... Critical Unreviewed
CVE-2021-1910 was published May 24, 2022
In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter... Critical Unreviewed
CVE-2021-31162 was published May 24, 2022
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the... Critical Unreviewed
CVE-2020-36318 was published May 24, 2022
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double... Critical Unreviewed
CVE-2021-0397 was published May 24, 2022
move_elements can double-free objects on panic Critical
CVE-2021-28031 was published for scratchpad (Rust) May 24, 2022
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common... Critical Unreviewed
CVE-2021-28041 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API