GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
484 advisories
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling.
Critical | Unreviewed | CVE-2019-13470 was published May 24, 2022

When EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function...
Critical | Unreviewed | CVE-2019-11040 was published May 24, 2022

Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x...
Critical | Unreviewed | CVE-2019-11039 was published May 24, 2022

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers....
Critical | Unreviewed | CVE-2018-6350 was published May 24, 2022

Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in...
Critical | Unreviewed | CVE-2018-13911 was published May 24, 2022

Lack of check on length of reason-code fetched from payload may lead driver access the memory not...
Critical | Unreviewed | CVE-2018-11955 was published May 24, 2022

While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to...
Critical | Unreviewed | CVE-2018-11953 was published May 24, 2022

Lack of input validation before copying can lead to a buffer over read in WLAN function in...
Critical | Unreviewed | CVE-2018-11937 was published May 24, 2022

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2...
Critical | Unreviewed | CVE-2019-11036 was published May 24, 2022

Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds...
Critical | Unreviewed | CVE-2019-3561 was published May 24, 2022

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2...
Critical | Unreviewed | CVE-2019-11034 was published May 24, 2022

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2...
Critical | Unreviewed | CVE-2019-11035 was published May 24, 2022

Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through...
Critical | Unreviewed | CVE-2021-42147 was published Jan 24, 2024

Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows...
Critical | Unreviewed | CVE-2021-42144 was published Jan 24, 2024

openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical | CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko...
Critical | Unreviewed | CVE-2023-4280 was published Jan 2, 2024

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in...
Critical | Unreviewed | CVE-2023-38426 was published Jul 18, 2023

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not...
Critical | Unreviewed | CVE-2023-38428 was published Jul 18, 2023

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does...
Critical | Unreviewed | CVE-2023-38432 was published Jul 18, 2023

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
Critical | Unreviewed | CVE-2022-4337 was published Jan 11, 2023

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Critical | Unreviewed | CVE-2022-4338 was published Jan 11, 2023

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in...
Critical | Unreviewed | CVE-2023-41359 was published Aug 29, 2023

An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte...
Critical | Unreviewed | CVE-2023-41360 was published Aug 29, 2023

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows...
Critical | Unreviewed | CVE-2023-42537 was published Nov 13, 2023

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows...
Critical | Unreviewed | CVE-2023-42536 was published Nov 13, 2023
ProTip! Advisories are also available from the GraphQL API