Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,524
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
784
Swift
34
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and... Critical Unreviewed
CVE-2021-22680 was published May 4, 2022
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in... Critical Unreviewed
CVE-2021-27417 was published May 4, 2022
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc... Critical Unreviewed
CVE-2021-27419 was published May 4, 2022
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc... Critical Unreviewed
CVE-2021-27421 was published May 4, 2022
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc... Critical Unreviewed
CVE-2021-27427 was published May 4, 2022
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc ... Critical Unreviewed
CVE-2021-27431 was published May 4, 2022
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc.... Critical Unreviewed
CVE-2021-27425 was published May 4, 2022
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc... Critical Unreviewed
CVE-2021-27439 was published May 4, 2022
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function... Critical Unreviewed
CVE-2021-27433 was published May 4, 2022
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function,... Critical Unreviewed
CVE-2021-27435 was published May 4, 2022
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in... Critical Unreviewed
CVE-2009-0947 was published Apr 21, 2022
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound... Critical Unreviewed
CVE-2022-23884 was published Mar 29, 2022
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32... Critical Unreviewed
CVE-2022-22721 was published Mar 15, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Critical Unreviewed
CVE-2021-42019 was published Mar 9, 2022
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer... Critical Unreviewed
CVE-2022-26495 was published Mar 7, 2022
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful... Critical Unreviewed
CVE-2021-22480 was published Feb 26, 2022
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server... Critical Unreviewed
CVE-2022-25330 was published Feb 25, 2022
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer... Critical Unreviewed
CVE-2022-24310 was published Feb 11, 2022
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Critical Unreviewed
CVE-2022-22823 was published Feb 10, 2022
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Critical Unreviewed
CVE-2022-22822 was published Feb 10, 2022
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Critical Unreviewed
CVE-2022-22824 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for... Critical Unreviewed
CVE-2022-23852 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Critical Unreviewed
CVE-2022-23990 was published Feb 10, 2022
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer... Critical Unreviewed
CVE-2021-30636 was published Jan 25, 2022
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following... Critical Unreviewed
CVE-2021-26706 was published Jan 25, 2022
ProTip! Advisories are also available from the GraphQL API