Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,632
NuGet
638
pip
3,246
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow High
CVE-2020-36242 was published for cryptography (pip) Feb 10, 2021
bsdiff4 out-of-bounds write via patch file High
CVE-2020-15904 was published for bsdiff4 (pip) May 24, 2022
opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-qr4w-53vh-m672 was published for opencv-python (pip) Aug 30, 2024
opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-jh2j-j4j9-crg3 was published for opencv-python-headless (pip) Aug 30, 2024
opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-cxjf-x6jp-p7mc was published for opencv-contrib-python (pip) Aug 30, 2024
opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863 High
GHSA-w2pj-9cgh-mq2c was published for opencv-contrib-python-headless (pip) Aug 30, 2024
Out of bounds access in tensorflow-lite High
CVE-2020-15212 was published for tensorflow (pip) Sep 25, 2020
Out of bounds write in tensorflow-lite High
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020
ChakraCore RCE Vulnerability High
CVE-2016-7200 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
Eclipse Parsson stack overflow when parsing deeply nested input High
CVE-2023-7272 was published for org.eclipse.parsson:parsson (Maven) Jul 17, 2024
SixLabors ImageSharp Out-of-bounds Write High
CVE-2024-41131 was published for SixLabors.ImageSharp (NuGet) Jul 22, 2024
Erik-White
Out of bounds read in json-smart High
CVE-2021-31684 was published for net.minidev:json-smart (Maven) Feb 10, 2022
afdesk
htmlcleaner vulnerable to stack exhaustion High
CVE-2023-34624 was published for net.sourceforge.htmlcleaner:htmlcleaner (Maven) Jun 14, 2023
onmyquest
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1195 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1131 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1140 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1139 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
Out-of-bounds write in ChakraCore High
CVE-2019-1196 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write High
CVE-2019-1197 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Out-of-bounds write in Microsoft.ChakraCore High
CVE-2019-1141 was published for Microsoft.ChakraCore (NuGet) Mar 29, 2021
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment High
CVE-2024-21661 was published for github.com/argoproj/argo-cd (Go) Mar 18, 2024
nadava669 todaywasawesome
crenshaw-dev jannfis pasha-codefresh
Buffer Overflow in gitea High
CVE-2021-3382 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
json stack overflow vulnerability High
CVE-2022-45688 was published for cn.hutool:hutool-json (Maven) Dec 13, 2022
westonsteimel aruneko
Pillow Out-of-bounds Write High
CVE-2020-35654 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API