Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c
Out-of-bounds Read in atob Critical
CVE-2018-3745 was published for atob (npm) Oct 9, 2018
Out-of-bounds Read in Pillow Critical
CVE-2021-25287 was published for Pillow (pip) Jun 8, 2021
Out-of-bounds Read Critical
CVE-2021-25288 was published for Pillow (pip) Jun 8, 2021
Out of bounds access in compact_arena Critical
CVE-2019-16139 was published for compact_arena (Rust) Aug 25, 2021
Out of bounds access in lucet-runtime-internals Critical
CVE-2020-35859 was published for lucet-runtime-internals (Rust) Aug 25, 2021
Out of bounds read in simple-slab Critical
CVE-2020-35892 was published for simple-slab (Rust) Aug 25, 2021
Out of bounds read in bra Critical
CVE-2021-25905 was published for bra (Rust) Aug 25, 2021
tdunlap607
Out of bounds read in xcb Critical
CVE-2021-26957 was published for xcb (Rust) Aug 25, 2021
Out of bounds read in fltk Critical
CVE-2021-28308 was published for fltk (Rust) Aug 25, 2021
Mercurial Out-of-bounds Read vulnerability Critical
CVE-2018-17983 was published for mercurial (pip) May 14, 2022
Asterix Heap-based Buffer Overflow Critical
CVE-2021-44144 was published for asterix_decoder (pip) May 24, 2022
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching Critical
CVE-2020-26269 was published for tensorflow (pip) Oct 7, 2022
PaddlePaddle Out-of-bounds Read vulnerability Critical
CVE-2022-46741 was published for paddlepaddle (pip) Dec 7, 2022
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 Critical
CVE-2023-26489 was published for cranelift-codegen (Rust) Mar 9, 2023
alexcrichton
Deno improperly handles resizable ArrayBuffer Critical
CVE-2023-28445 was published for Deno (Rust) Mar 23, 2023
lucacasonato JohnTitor
nipunn1313
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation Critical
CVE-2023-25668 was published for tensorflow (pip) Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API