Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check Moderate
CVE-2025-55159 was published for slab (Rust) Aug 11, 2025
mox692
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow Low
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 withdrawn
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile` Moderate
GHSA-9ghp-w2hm-vfpf was published for wasmtime-jit-debug (Rust) Jun 17, 2025
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
tanton_engine has unsound public API Moderate
GHSA-m2xr-2vj4-wh94 was published for tanton_engine (Rust) May 6, 2025
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Panic in mp3-metadata due to the lack of bounds checking Moderate
GHSA-927q-g9w9-pm54 was published for mp3-metadata (Rust) Apr 30, 2025
jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2025-3588 was published for org.jsonschema2pojo:jsonschema2pojo-core (Maven) Apr 14, 2025
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
ChakraCore RCE Vulnerability High
CVE-2016-7200 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
ChakraCore RCE Vulnerability High
CVE-2016-7201 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
Heap buffer overflow in CefSharp Moderate
CVE-2020-15999 was published for CefSharp.Common (NuGet) Oct 27, 2020
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service High
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
anonymous-nlp-student
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
zobront kuroi8
Vyper's external calls can overflow return data to return input buffer Low
CVE-2024-24560 was published for vyper (pip) Feb 2, 2024
zobront
Buffer Overflow in vyper High
CVE-2022-24788 was published for vyper (pip) Apr 20, 2022
Memory corruption when returning a literal struct with a private call inside of it High
CVE-2021-41121 was published for vyper (pip) Oct 12, 2021
tlslite remote denial of service vulnerability High
CVE-2015-3220 was published for tlslite (pip) May 14, 2022
Heap buffer overflow in `MaxPoolGrad` Low
CVE-2021-29579 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `FractionalAvgPoolGrad` Low
CVE-2021-29578 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `AvgPool3DGrad` Low
CVE-2021-29577 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `MaxPool3DGradGrad` Low
CVE-2021-29576 was published for tensorflow (pip) May 21, 2021
Overflow/denial of service in `tf.raw_ops.ReverseSequence` Low
CVE-2021-29575 was published for tensorflow (pip) May 21, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database