Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

293 advisories

Loading
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function... Critical Unreviewed
CVE-2021-27433 was published May 4, 2022
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function,... Critical Unreviewed
CVE-2021-27435 was published May 4, 2022
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc... Critical Unreviewed
CVE-2021-27439 was published May 4, 2022
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc... Critical Unreviewed
CVE-2021-27421 was published May 4, 2022
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc... Critical Unreviewed
CVE-2021-27427 was published May 4, 2022
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc... Critical Unreviewed
CVE-2021-27419 was published May 4, 2022
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc ... Critical Unreviewed
CVE-2021-27431 was published May 4, 2022
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc.... Critical Unreviewed
CVE-2021-27425 was published May 4, 2022
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and... Critical Unreviewed
CVE-2021-22680 was published May 4, 2022
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in... Critical Unreviewed
CVE-2021-27417 was published May 4, 2022
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c:... Critical Unreviewed
CVE-2018-10191 was published May 7, 2022
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for... Critical Unreviewed
CVE-2016-8705 was published May 13, 2022
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible... Critical Unreviewed
CVE-2016-8704 was published May 13, 2022
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of... Critical Unreviewed
CVE-2017-2921 was published May 13, 2022
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing... Critical Unreviewed
CVE-2017-2892 was published May 13, 2022
An integer overflow vulnerability exists in the X509 certificate parsing functionality of... Critical Unreviewed
CVE-2017-2782 was published May 13, 2022
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow... Critical Unreviewed
CVE-2016-9558 was published May 13, 2022
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which... Critical Unreviewed
CVE-2016-2177 was published May 13, 2022
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis... Critical Unreviewed
CVE-2018-11219 was published May 13, 2022
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which... Critical Unreviewed
CVE-2018-17963 was published May 13, 2022
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. Critical Unreviewed
CVE-2018-1084 was published May 13, 2022
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows... Critical Unreviewed
CVE-2017-14062 was published May 13, 2022
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in... Critical Unreviewed
CVE-2018-7225 was published May 13, 2022
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on... Critical Unreviewed
CVE-2018-5095 was published May 13, 2022
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm... Critical Unreviewed
CVE-2016-5344 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API