Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,763
Maven
4,988
npm
3,525
NuGet
615
pip
3,099
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
CosmWasm affected by arithmetic overflows Low
GHSA-8724-5xmm-w5xq was published for cosmwasm-std (Rust) Apr 24, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow Moderate
GHSA-mc39-h54g-pvw6 was published for libdav1d-sys (Rust) Apr 5, 2024
transpose: Buffer overflow due to integer overflow Critical
GHSA-5gmm-6m36-r7jh was published for transpose (Rust) Apr 5, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow Moderate
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow Moderate
CVE-2024-27304 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim gwynne
baarde
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency Critical
CVE-2023-45853 was published for pyminizip (pip) Oct 14, 2023
HTTP/2 HPACK integer overflow and buffer allocation High
CVE-2023-36478 was published for org.eclipse.jetty.http2:http2-hpack (Maven) Oct 10, 2023
samalws-tob kaoudis
smichaels-tob joakime
.eth registrar controller can shorten the duration of registered names Moderate
CVE-2023-38698 was published for @ensdomains/ens-contracts (npm) Aug 1, 2023
snappy-java's Integer Overflow vulnerability in compress leads to DoS Moderate
CVE-2023-34454 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS Moderate
CVE-2023-34453 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware High
CVE-2022-31005 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
CVE-2022-24667 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Vyper vulnerable to integer overflow in loop High
CVE-2023-32058 was published for vyper (pip) May 12, 2023
trocher
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
TensorFlow vulnerable to integer overflow in EditDistance High
CVE-2023-25662 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to segfault when opening multiframe gif Moderate
CVE-2023-25667 was published for tensorflow (pip) Mar 24, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow High
CVE-2023-22895 was published for bzip2 (Rust) Jan 10, 2023
tdunlap607
TensorFlow vulnerable to Int overflow in `RaggedRangeOp` Moderate
CVE-2022-35940 was published for tensorflow (pip) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API