Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

484 advisories

Loading
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. Critical Unreviewed
CVE-2019-13470 was published May 24, 2022
When EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function... Critical Unreviewed
CVE-2019-11040 was published May 24, 2022
Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x... Critical Unreviewed
CVE-2019-11039 was published May 24, 2022
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers.... Critical Unreviewed
CVE-2018-6350 was published May 24, 2022
Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in... Critical Unreviewed
CVE-2018-13911 was published May 24, 2022
Lack of check on length of reason-code fetched from payload may lead driver access the memory not... Critical Unreviewed
CVE-2018-11955 was published May 24, 2022
While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to... Critical Unreviewed
CVE-2018-11953 was published May 24, 2022
Lack of input validation before copying can lead to a buffer over read in WLAN function in... Critical Unreviewed
CVE-2018-11937 was published May 24, 2022
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2... Critical Unreviewed
CVE-2019-11036 was published May 24, 2022
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds... Critical Unreviewed
CVE-2019-3561 was published May 24, 2022
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2... Critical Unreviewed
CVE-2019-11034 was published May 24, 2022
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2... Critical Unreviewed
CVE-2019-11035 was published May 24, 2022
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through... Critical Unreviewed
CVE-2021-42147 was published Jan 24, 2024
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows... Critical Unreviewed
CVE-2021-42144 was published Jan 24, 2024
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko... Critical Unreviewed
CVE-2023-4280 was published Jan 2, 2024
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in... Critical Unreviewed
CVE-2023-38426 was published Jul 18, 2023
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not... Critical Unreviewed
CVE-2023-38428 was published Jul 18, 2023
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does... Critical Unreviewed
CVE-2023-38432 was published Jul 18, 2023
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Critical Unreviewed
CVE-2022-4337 was published Jan 11, 2023
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Critical Unreviewed
CVE-2022-4338 was published Jan 11, 2023
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in... Critical Unreviewed
CVE-2023-41359 was published Aug 29, 2023
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte... Critical Unreviewed
CVE-2023-41360 was published Aug 29, 2023
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows... Critical Unreviewed
CVE-2023-42537 was published Nov 13, 2023
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows... Critical Unreviewed
CVE-2023-42536 was published Nov 13, 2023
ProTip! Advisories are also available from the GraphQL API