GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,033
Erlang
29
GitHub Actions
18
Go
1,843
Maven
5,000+
npm
3,580
NuGet
634
pip
3,162
Pub
10
RubyGems
849
Rust
801
Swift
34
Unreviewed advisories
All unreviewed
5,000+
96 advisories
Filter by severity
PyMongo Out-of-bounds Read in the bson module
Moderate
CVE-2024-5629
was published
for
pymongo
(pip)
Jun 5, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
GHSA-cr6f-gf5w-vhrc
was published
for
pymongo
(pip)
Apr 6, 2024
•
withdrawn
Mercurial Out-of-bounds Read vulnerability
Critical
CVE-2018-17983
was published
for
mercurial
(pip)
May 14, 2022
Onnx Out-of-bounds Read vulnerability
Moderate
CVE-2024-27319
was published
for
onnx
(pip)
Feb 23, 2024
Uncontrolled Resource Consumption in pillow
High
CVE-2021-23437
was published
for
pillow
(pip)
Sep 7, 2021
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
Critical
CVE-2020-26269
was published
for
tensorflow
(pip)
Oct 7, 2022
Asterix Heap-based Buffer Overflow
Critical
CVE-2021-44144
was published
for
asterix_decoder
(pip)
May 24, 2022
Vyper's `extract32` can ready dirty memory
Low
CVE-2024-24564
was published
for
vyper
(pip)
Feb 26, 2024
PaddlePaddle segfault in paddle.mode
Moderate
CVE-2023-38678
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Out of bounds write in grappler in Tensorflow
High
CVE-2022-41902
was published
for
tensorflow
(pip)
Nov 21, 2022
Aubio is vulnerable to out of bound read when samplerate > 50kHz
High
CVE-2018-14523
was published
for
aubio
(pip)
May 13, 2022
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Critical
CVE-2023-25668
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
High
CVE-2023-25659
was published
for
tensorflow
(pip)
Mar 24, 2023
ProTip!
Advisories are also available from the
GraphQL API