GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
293 advisories
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage...
Critical, Unreviewed. CVE-2010-3729 was published May 13, 2022.

Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to...
Critical, Unreviewed. CVE-2010-4202 was published May 13, 2022.

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44,...
Critical, Unreviewed. CVE-2010-4203 was published May 13, 2022.

Mercurial mishandles integer addition and subtraction
Critical. CVE-2018-13347 was published for mercurial (pip) May 13, 2022.

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0...
Critical, Unreviewed. CVE-2018-9838 was published May 13, 2022.

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory...
Critical, Unreviewed. CVE-2016-8859 was published May 13, 2022.

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex...
Critical, Unreviewed. CVE-2016-10141 was published May 13, 2022.

Improper input validation together with an integer overflow in the EAP-TLS protocol...
Critical, Unreviewed. CVE-2018-11574 was published May 13, 2022.

An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an...
Critical, Unreviewed. CVE-2018-14086 was published May 13, 2022.

An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The...
Critical, Unreviewed. CVE-2018-14087 was published May 13, 2022.

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the...
Critical, Unreviewed. CVE-2018-14084 was published May 13, 2022.

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK...
Critical, Unreviewed. CVE-2017-18187 was published May 13, 2022.

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1...
Critical, Unreviewed. CVE-2015-2310 was published May 13, 2022.

Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote...
Critical, Unreviewed. CVE-2017-14061 was published May 13, 2022.

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area,...
Critical, Unreviewed. CVE-2017-9282 was published May 13, 2022.

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function...
Critical, Unreviewed. CVE-2017-12177 was published May 13, 2022.

xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S...
Critical, Unreviewed. CVE-2017-12179 was published May 13, 2022.

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the...
Critical, Unreviewed. CVE-2017-1000158 was published May 13, 2022.

libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in...
Critical, Unreviewed. CVE-2017-9196 was published May 13, 2022.

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and...
Critical, Unreviewed. CVE-2017-9120 was published May 14, 2022.

An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the...
Critical, Unreviewed. CVE-2018-7226 was published May 14, 2022.

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a...
Critical, Unreviewed. CVE-2018-19199 was published May 14, 2022.

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.*...
Critical, Unreviewed. CVE-2018-1126 was published May 14, 2022.

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell...
Critical, Unreviewed. CVE-2017-5953 was published May 14, 2022.

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot...
Critical, Unreviewed. CVE-2016-5762 was published May 14, 2022.
ProTip! Advisories are also available from the GraphQL API.