GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,988; Erlang 29; GitHub Actions 16; Go 1,776; Maven 5,000+; npm 3,542; NuGet 617; pip 3,125; Pub 10; RubyGems 838; Rust 790; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
159 advisories
Out of bounds write in grappler in Tensorflow [High]: CVE-2022-41902 was published for tensorflow (pip) on Nov 21, 2022.
golang.org/x/text/language Out-of-bounds Read vulnerability [High]: CVE-2021-38561 was published for golang.org/x/text (Go) on Dec 26, 2022.
ChakraCore RCE Vulnerability [High]: CVE-2018-8139 was published for Microsoft.ChakraCore (NuGet) on May 13, 2022.
hjson-java vulnerable to denial of service [High]: CVE-2023-39685 was published for org.hjson:hjson (Maven) on Sep 1, 2023.
Markdown vulnerable to Out-of-bounds Read while parsing citations [High]: CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) on Sep 22, 2023.
Out of bounds access in lucet-runtime-internals [Critical]: CVE-2020-35859 was published for lucet-runtime-internals (Rust) on Aug 25, 2021.
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses [Low]: CVE-2023-41051 was published for vm-memory (Rust) on Sep 4, 2023.
PaddlePaddle segfault in paddle.mode [Moderate]: CVE-2023-38678 was published for PaddlePaddle (pip) on Jan 3, 2024.
openssl-src contains Read Buffer Overflow in X.509 Name Constraint [Critical]: CVE-2022-4203 was published for openssl-src (Rust) on Feb 8, 2023.
Vyper's `extract32` can read dirty memory [Low]: CVE-2024-24564 was published for vyper (pip) on Feb 26, 2024.
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory [Low]: CVE-2024-27094 was published for @openzeppelin/contracts (npm) on Feb 29, 2024.
Asterix Heap-based Buffer Overflow [Critical]: CVE-2021-44144 was published for asterix_decoder (pip) on May 24, 2022.
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching [Critical]: CVE-2020-26269 was published for tensorflow (pip) on Oct 7, 2022.
Uncontrolled Resource Consumption in pillow [High]: CVE-2021-23437 was published for pillow (pip) on Sep 7, 2021.
Onnx Out-of-bounds Read vulnerability [Moderate]: CVE-2024-27319 was published for onnx (pip) on Feb 23, 2024.
Mercurial Out-of-bounds Read vulnerability [Critical]: CVE-2018-17983 was published for mercurial (pip) on May 14, 2022.
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service [High]: CVE-2022-34037 was published for github.com/caddyserver/caddy (Go) on Jul 23, 2022 (withdrawn).
dotmesh arbitrary file read and/or write [High]: CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) on May 14, 2024.
ProTip! Advisories are also available from the GraphQL API.