GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
183 advisories
Filter by severity
Drop of uninitialized memory in Ozone
Critical
CVE-2020-35878
was published
for
ozone
(Rust)
Aug 25, 2021
nb-connect invalidly assumes the memory layout of std::net::SocketAddr
Critical
CVE-2021-27376
was published
for
nb-connect
(Rust)
Aug 25, 2021
crossbeam-channel Undefined Behavior before v0.4.4
High
CVE-2020-15254
was published
for
crossbeam-channel
(Rust)
Aug 25, 2021
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
protobuf-cpp and protobuf-python have potential Denial of Service issue
High
CVE-2022-1941
was published
for
protobuf
(pip)
Sep 23, 2022
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
Excessive memory allocation
Moderate
CVE-2018-12541
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
High
CVE-2023-28638
was published
for
Snappier
(NuGet)
Mar 27, 2023
Wasmtime out of bounds read/write with zero-memory-pages configuration
Moderate
CVE-2022-39392
was published
for
wasmtime
(Rust)
Nov 10, 2022
Out of bounds memory access in github.com/open-policy-agent/opa
High
CVE-2022-28946
was published
for
github.com/open-policy-agent/opa
(Go)
May 20, 2022
go-codec-dagpb vulnerable to panic when decoding invalid blocks
High
CVE-2022-2584
was published
for
github.com/ipld/go-codec-dagpb
(Go)
Dec 28, 2022
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
Moderate
CVE-2013-4179
was published
for
nova
(pip)
May 17, 2022
Memory corruption when returning a literal struct with a private call inside of it
High
CVE-2021-41121
was published
for
vyper
(pip)
Oct 12, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
High
CVE-2017-12862
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Moderate
CVE-2017-17760
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
High
CVE-2017-12601
was published
for
opencv-contrib-python
(pip)
Oct 12, 2021
Out of bounds write in nalgebra
Critical
CVE-2021-38190
was published
for
nalgebra
(Rust)
Aug 25, 2021
Heap buffer overflow in `AvgPool3DGrad`
Low
CVE-2021-29577
was published
for
tensorflow
(pip)
May 21, 2021
Heap buffer overflow in `MaxPool3DGradGrad`
Low
CVE-2021-29576
was published
for
tensorflow
(pip)
May 21, 2021
Heap buffer overflow in `MaxPoolGrad`
Low
CVE-2021-29579
was published
for
tensorflow
(pip)
May 21, 2021
Heap buffer overflow in `FractionalAvgPoolGrad`
Low
CVE-2021-29578
was published
for
tensorflow
(pip)
May 21, 2021
Remote code execution in ChakraCore
High
CVE-2020-1057
was published
for
Microsoft.ChakraCore
(NuGet)
Aug 2, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2020-13934
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 8, 2022
Inappropriate implementation in V8 in CefSharp
High
CVE-2020-16013
was published
for
CefSharp.Common
(NuGet)
Nov 27, 2020
ProTip!
Advisories are also available from the
GraphQL API