Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,494
Maven
5,000+
npm
4,129
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution High
CVE-2025-55298 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
leehohojune jin-156
amethyst0225
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape High
CVE-2025-24359 was published for asteval (pip) Jan 24, 2025
SteakEnthusiast
TiDB vulnerable to Use of Externally-Controlled Format String Critical
CVE-2022-3023 was published for github.com/pingcap/tidb (Go) Nov 4, 2022
dwisiswant0
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
sunSUNQ
Pivotal RabbitMQ is vulnerable to a denial of service attack High
CVE-2019-11287 was published for RabbitMQ (Erlang) May 24, 2022
Apache log4net format string vulnerability causes DoS Moderate
CVE-2006-0743 was published for log4net (NuGet) May 1, 2022
Use of Externally-Controlled Format String in consoleme Critical
CVE-2022-27177 was published for consoleme (pip) Apr 3, 2022
Use of Externally-Controlled Format String in wire-avs High
CVE-2021-41193 was published for com.wire:avs (Maven) Mar 1, 2022
Remote Code Execution in Apache Dubbo Critical
CVE-2021-36161 was published for org.apache.dubbo:dubbo (Maven) Sep 10, 2021
Mishandling of format strings in ncurses High
CVE-2019-15547 was published for ncurses (Rust) Aug 25, 2021
Format string vulnerabilities in pancurses High
CVE-2019-15546 was published for pancurses (Rust) Aug 25, 2021
Mishandling of format strings in rusqlite Critical
CVE-2020-35869 was published for rusqlite (Rust) Aug 25, 2021
Denial of Service in Tensorflow High
CVE-2020-15203 was published for tensorflow (pip) Sep 25, 2020
Jinja2 sandbox escape vulnerability High
CVE-2016-10745 was published for Jinja2 (pip) Apr 10, 2019
Plone Sandbox Escape Moderate
CVE-2017-5524 was published for Plone (pip) Jul 12, 2018
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
tdunlap607
gtk2 vulnerable to Use of Externally-Controlled Format String Moderate
CVE-2007-6183 was published for gtk2 (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database