Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

24 advisories

Loading
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vyper's `_abi_decode` input not validated in complex expressions Moderate
CVE-2023-42460 was published for vyper (pip) Sep 26, 2023
trocher
Frontier's modexp precompile is slow for even modulus High
CVE-2023-28431 was published for frontier (Rust) Mar 21, 2023
guidovranken
OpenZeppelin Contracts contains Incorrect Calculation Moderate
CVE-2023-26488 was published for @openzeppelin/contracts (npm) Mar 3, 2023
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars High
CVE-2023-24533 was published for filippo.io/nistec (Go) Mar 1, 2023
Weight not properly refunded after EVM execution Moderate
CVE-2022-39242 was published for frontier (Rust) Sep 23, 2022
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals High
CVE-2022-31198 was published for @openzeppelin/contracts (npm) Aug 18, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64 Moderate
CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022
akirilov-arm
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs Moderate
CVE-2022-31104 was published for cranelift-codegen (Rust) Jun 29, 2022
alexcrichton MaineK00n
Uncontrolled Resource Consumption in fast-string-search High
CVE-2022-22138 was published for fast-string-search (npm) Jun 18, 2022
Incorrect Calculation in moodle Critical
CVE-2022-30600 was published for moodle/moodle (Composer) May 19, 2022
Incorrect Calculation in solana_rbpf Critical
CVE-2022-23066 was published for solana_rbpf (Rust) May 10, 2022
Incorrect Calculation in github.com/open-policy-agent/opa Moderate
CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go) Feb 9, 2022
johanneslarsson
Incorrect Calculation in the MSR JavaScript Cryptography Library High
CVE-2020-1026 was published for msrcrypto (npm) Jan 6, 2022
Segfault due to negative splits in `SplitV` Moderate
CVE-2021-41222 was published for tensorflow (pip) Nov 10, 2021
missing clamps for decimal args in external functions Moderate
CVE-2021-41122 was published for vyper (pip) Oct 6, 2021
Calculation error in ark-r1cs-std Critical
CVE-2021-38194 was published for ark-r1cs-std (Rust) Aug 25, 2021
tdunlap607
Flaw in streaming state in orion High
CVE-2018-20999 was published for orion (Rust) Aug 25, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode Low
GHSA-xh2p-7p87-fhgh was published for @liquity/contracts (npm) Aug 5, 2021
Consensus flaw during block processing in github.com/ethereum/go-ethereum Moderate
CVE-2020-26265 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
johnyangk
Shallow copy bug in geth Moderate
CVE-2020-26241 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
johnyangk
Erroneous Proof of Work calculation in geth Moderate
CVE-2020-26240 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
slavikus
Incorrect Calculation in bigint-money Low
GHSA-9r3m-mhfm-39cm was published for bigint-money (npm) Sep 11, 2020
Sensitive Data Exposure in msrcrypto Critical
CVE-2018-8319 was published for msrcrypto (npm) Sep 10, 2018
ProTip! Advisories are also available from the GraphQL API