Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

286 advisories

Loading
lz4-sys vulnerable to memory corruption via issue in liblz4 Critical
GHSA-9q5j-jm53-v7vr was published for lz4-sys (Rust) Sep 1, 2022
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound... Critical Unreviewed
CVE-2022-23884 was published Mar 29, 2022
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in... Critical Unreviewed
CVE-2009-0947 was published Apr 21, 2022
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of... Critical Unreviewed
CVE-2017-2921 was published May 13, 2022
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing... Critical Unreviewed
CVE-2017-2892 was published May 13, 2022
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that... Critical Unreviewed
CVE-2017-5340 was published May 14, 2022
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP... Critical Unreviewed
CVE-2016-4345 was published May 17, 2022
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects... Critical Unreviewed
CVE-2016-9063 was published May 14, 2022
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and... Critical Unreviewed
CVE-2017-9120 was published May 14, 2022
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows... Critical Unreviewed
CVE-2016-4346 was published May 14, 2022
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in... Critical Unreviewed
CVE-2016-5770 was published May 14, 2022
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote... Critical Unreviewed
CVE-2016-3078 was published May 17, 2022
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows... Critical Unreviewed
CVE-2016-4344 was published May 17, 2022
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote... Critical Unreviewed
CVE-2020-28020 was published May 24, 2022
An integer overflow was addressed with improved input validation. This issue is fixed in Security... Critical Unreviewed
CVE-2022-26775 was published May 27, 2022
A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality... Critical Unreviewed
CVE-2021-21795 was published May 24, 2022
An integer overflow issue was addressed with improved input validation. This issue is fixed in... Critical Unreviewed
CVE-2022-26711 was published May 27, 2022
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond... Critical Unreviewed
CVE-2022-28615 was published Jun 10, 2022
Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile... Critical Unreviewed
CVE-2022-25651 was published Jun 15, 2022
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM)... Critical Unreviewed
CVE-2023-0077 was published Jan 5, 2023
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32... Critical Unreviewed
CVE-2022-22721 was published Mar 15, 2022
Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC... Critical Unreviewed
CVE-2016-6999 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c... Critical Unreviewed
CVE-2017-9198 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c... Critical Unreviewed
CVE-2017-9184 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API