Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash Moderate
CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) Jun 4, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory Low
CVE-2024-27094 was published for @openzeppelin/contracts (npm) Feb 29, 2024
rholterhus
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
PaddlePaddle segfault in paddle.mode Moderate
CVE-2023-38678 was published for PaddlePaddle (pip) Jan 3, 2024
Markdown vulnerable to Out-of-bounds Read while parsing citations High
CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) Sep 22, 2023
NSEcho
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses Low
CVE-2023-41051 was published for vm-memory (Rust) Sep 4, 2023
Manishearth
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch High
CVE-2023-25659 was published for tensorflow (pip) Mar 24, 2023
dengyinlin
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation Critical
CVE-2023-25668 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad High
CVE-2023-25658 was published for tensorflow (pip) Mar 24, 2023
Deno improperly handles resizable ArrayBuffer Critical
CVE-2023-28445 was published for Deno (Rust) Mar 23, 2023
lucacasonato JohnTitor
nipunn1313
google.golang.org/protobuf vulnerable to panic leading to denial of service High
CVE-2023-24535 was published for google.golang.org/protobuf (Go) Mar 14, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 Critical
CVE-2023-26489 was published for cranelift-codegen (Rust) Mar 9, 2023
alexcrichton
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-hxp2-xqf3-v83h was published for github.com/pion/dtls (Go) Feb 7, 2023
Apache InLong contains Out-of-bounds Read vulnerability High
CVE-2023-24977 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
golang.org/x/text/language Out-of-bounds Read vulnerability High
CVE-2021-38561 was published for golang.org/x/text (Go) Dec 26, 2022
ProTip! Advisories are also available from the GraphQL API