GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,974
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,984
npm: 3,524
NuGet: 611
pip: 3,098
Pub: 10
RubyGems: 834
Rust: 784
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
286 advisories
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and...
Critical
Unreviewed
CVE-2021-22680 was published May 4, 2022
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in...
Critical
Unreviewed
CVE-2021-27417 was published May 4, 2022
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc...
Critical
Unreviewed
CVE-2021-27419 was published May 4, 2022
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc...
Critical
Unreviewed
CVE-2021-27421 was published May 4, 2022
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc...
Critical
Unreviewed
CVE-2021-27427 was published May 4, 2022
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in osRtxMemoryAlloc ...
Critical
Unreviewed
CVE-2021-27431 was published May 4, 2022
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc....
Critical
Unreviewed
CVE-2021-27425 was published May 4, 2022
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc...
Critical
Unreviewed
CVE-2021-27439 was published May 4, 2022
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function...
Critical
Unreviewed
CVE-2021-27433 was published May 4, 2022
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function,...
Critical
Unreviewed
CVE-2021-27435 was published May 4, 2022
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in...
Critical
Unreviewed
CVE-2009-0947 was published Apr 21, 2022
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound...
Critical
Unreviewed
CVE-2022-23884 was published Mar 29, 2022
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32...
Critical
Unreviewed
CVE-2022-22721 was published Mar 15, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Critical
Unreviewed
CVE-2021-42019 was published Mar 9, 2022
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer...
Critical
Unreviewed
CVE-2022-26495 was published Mar 7, 2022
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful...
Critical
Unreviewed
CVE-2021-22480 was published Feb 26, 2022
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server...
Critical
Unreviewed
CVE-2022-25330 was published Feb 25, 2022
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer...
Critical
Unreviewed
CVE-2022-24310 was published Feb 11, 2022
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical
Unreviewed
CVE-2022-22823 was published Feb 10, 2022
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical
Unreviewed
CVE-2022-22822 was published Feb 10, 2022
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical
Unreviewed
CVE-2022-22824 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for...
Critical
Unreviewed
CVE-2022-23852 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Critical
Unreviewed
CVE-2022-23990 was published Feb 10, 2022
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer...
Critical
Unreviewed
CVE-2021-30636 was published Jan 25, 2022
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following...
Critical
Unreviewed
CVE-2021-26706 was published Jan 25, 2022
ProTip! Advisories are also available from the GraphQL API