Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder High
CVE-2026-25989 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
petermalone Credited to petermalone
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion High
CVE-2025-58063 was published for github.com/coredns/coredns (Go) Sep 9, 2025
thevilledev Credited to thevilledev
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized... High Unreviewed
CVE-2025-53733 was published Aug 12, 2025
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-49093 was published Dec 12, 2024
DHCP Server Service Remote Code Execution Vulnerability High Unreviewed
CVE-2024-38044 was published Jul 9, 2024
Microsoft ODBC Driver Remote Code Execution Vulnerability High Unreviewed
CVE-2024-26162 was published Mar 12, 2024
Incorrect code generation could have led to unexpected numeric conversions and potential... High Unreviewed
CVE-2024-1552 was published Feb 20, 2024
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive... High Unreviewed
CVE-2023-20006 was published Jun 28, 2023
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign... High Unreviewed
CVE-2023-0185 was published Apr 1, 2023
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large... High Unreviewed
CVE-2022-2639 was published Sep 2, 2022
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets High
CVE-2022-34169 was published for xalan:xalan (Maven) Jul 20, 2022
udengaardandersent-ELS Credited to udengaardandersent-ELS, Diddern, and skuma762_uhg Diddern Diddern
skuma762_uhg skuma762_uhg
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this... High Unreviewed
CVE-2014-125011 was published Jun 19, 2022
An exploitable signed conversion vulnerability exists in the TextMaker document parsing... High Unreviewed
CVE-2020-13545 was published May 24, 2022
An exploitable sign extension vulnerability exists in the TextMaker document parsing... High Unreviewed
CVE-2020-13544 was published May 24, 2022
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality... High Unreviewed
CVE-2021-21860 was published May 24, 2022
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality... High Unreviewed
CVE-2021-21861 was published May 24, 2022
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer... High Unreviewed
CVE-2021-32461 was published May 24, 2022
Due to unexpected data type conversions, a use-after-free could have occurred when interacting... High Unreviewed
CVE-2021-23997 was published May 24, 2022
Windows MSHTML Platform Remote Code Execution Vulnerability High Unreviewed
CVE-2021-33742 was published May 24, 2022
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If... High Unreviewed
CVE-2021-27218 was published May 24, 2022
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function... High Unreviewed
CVE-2021-27219 was published May 24, 2022
Windows Kernel Local Elevation of Privilege Vulnerability High Unreviewed
CVE-2020-17087 was published May 24, 2022
Signed to Unsigned Conversion Error in Facebook Hermes High
CVE-2020-1913 was published for hermes-engine (npm) May 24, 2022
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a... High Unreviewed
CVE-2019-19317 was published May 24, 2022
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does... High Unreviewed
CVE-2017-7308 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database