Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

116 advisories

Loading
ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow High
CVE-2025-57803 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 26, 2025
mescuwa
imagemagick: integer overflows in MNG magnification High
CVE-2025-55154 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (pip) Aug 8, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (pip) Aug 8, 2025
russh is missing overflow checks during channel windows adjust Moderate
CVE-2025-54804 was published for russh (Rust) Aug 4, 2025
onjonjo
Duplicate Advisory: transpose: Buffer overflow due to integer overflow Moderate
GHSA-p444-p2rm-hvrw was published for transpose (Rust) Jul 27, 2025 withdrawn
Duplicate Advisory: CosmWasm affected by arithmetic overflows Low
GHSA-rm83-pxjx-pr5j was published for cosmwasm-std (Rust) Jul 27, 2025 withdrawn
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits Moderate
CVE-2025-52520 was published for org.apache.tomcat:tomcat-catalina (Maven) Jul 10, 2025
Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt High
GHSA-p22h-3m2v-cmgh was published for github.com/cosmos/cosmos-sdk (Go) Jul 8, 2025
Babylon Integer Overflow in Distribution Module CumulativeRewardRatio Calculation Leading to Chain Halt High
GHSA-869w-47c6-fq8q was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow High
CVE-2025-32033 was published for apollo-router (Rust) Apr 7, 2025
Nethermind Juno Potential Denial of Service (DoS) via Integer Overflow High
CVE-2025-29072 was published for github.com/NethermindEth/juno (Go) Mar 27, 2025
containerd has an integer overflow in User ID handling Moderate
CVE-2024-40635 was published for github.com/containerd/containerd (Go) Mar 17, 2025
p4ck3t0 emxll
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic High
GHSA-7225-m954-23v7 was published for cosmossdk.io/math (Go) Nov 20, 2024
TensorFlow has segfault in array_ops.upper_bound High
CVE-2023-33976 was published for tensorflow (pip) Jul 30, 2024
dmc1778
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
sgillies
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
CosmWasm affected by arithmetic overflows Low
CVE-2024-58263 was published for cosmwasm-std (Rust) Apr 24, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow Moderate
GHSA-mc39-h54g-pvw6 was published for libdav1d-sys (Rust) Apr 5, 2024
transpose: Buffer overflow due to integer overflow Moderate
CVE-2023-53156 was published for transpose (Rust) Apr 5, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database