Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

183 advisories

Loading
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory Low
CVE-2024-27094 was published for @openzeppelin/contracts (npm) Feb 29, 2024
rholterhus
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
PaddlePaddle segfault in paddle.mode Moderate
CVE-2023-38678 was published for PaddlePaddle (pip) Jan 3, 2024
Markdown vulnerable to Out-of-bounds Read while parsing citations High
CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) Sep 22, 2023
NSEcho
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses Low
CVE-2023-41051 was published for vm-memory (Rust) Sep 4, 2023
Manishearth
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
CVE-2023-53160 was published for sequoia-openpgp (Rust) Jun 6, 2023
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch High
CVE-2023-25659 was published for tensorflow (pip) Mar 24, 2023
dengyinlin
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation Critical
CVE-2023-25668 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad High
CVE-2023-25658 was published for tensorflow (pip) Mar 24, 2023
Deno improperly handles resizable ArrayBuffer Critical
CVE-2023-28445 was published for Deno (Rust) Mar 23, 2023
lucacasonato JohnTitor
nipunn1313
google.golang.org/protobuf vulnerable to panic leading to denial of service High
CVE-2023-24535 was published for google.golang.org/protobuf (Go) Mar 14, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64 Critical
CVE-2023-26489 was published for cranelift-codegen (Rust) Mar 9, 2023
alexcrichton
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-hxp2-xqf3-v83h was published for github.com/pion/dtls (Go) Feb 7, 2023
Apache InLong contains Out-of-bounds Read vulnerability High
CVE-2023-24977 was published for org.apache.inlong:inlong (Maven) Feb 1, 2023
golang.org/x/text/language Out-of-bounds Read vulnerability High
CVE-2021-38561 was published for golang.org/x/text (Go) Dec 26, 2022
Patchelf out-of-bounds read High
CVE-2022-44940 was published for patchelf (pip) Dec 20, 2022
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database