Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

293 advisories

Loading
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage... Critical Unreviewed
CVE-2010-3729 was published May 13, 2022
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to... Critical Unreviewed
CVE-2010-4202 was published May 13, 2022
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44,... Critical Unreviewed
CVE-2010-4203 was published May 13, 2022
Mercurial mishandles integer addition and subtraction Critical
CVE-2018-13347 was published for mercurial (pip) May 13, 2022
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0... Critical Unreviewed
CVE-2018-9838 was published May 13, 2022
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory... Critical Unreviewed
CVE-2016-8859 was published May 13, 2022
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex... Critical Unreviewed
CVE-2016-10141 was published May 13, 2022
Improper input validation together with an integer overflow in the EAP-TLS protocol... Critical Unreviewed
CVE-2018-11574 was published May 13, 2022
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an... Critical Unreviewed
CVE-2018-14086 was published May 13, 2022
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The... Critical Unreviewed
CVE-2018-14087 was published May 13, 2022
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the... Critical Unreviewed
CVE-2018-14084 was published May 13, 2022
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK... Critical Unreviewed
CVE-2017-18187 was published May 13, 2022
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1... Critical Unreviewed
CVE-2015-2310 was published May 13, 2022
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote... Critical Unreviewed
CVE-2017-14061 was published May 13, 2022
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area,... Critical Unreviewed
CVE-2017-9282 was published May 13, 2022
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function... Critical Unreviewed
CVE-2017-12177 was published May 13, 2022
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S... Critical Unreviewed
CVE-2017-12179 was published May 13, 2022
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the... Critical Unreviewed
CVE-2017-1000158 was published May 13, 2022
libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in... Critical Unreviewed
CVE-2017-9196 was published May 13, 2022
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and... Critical Unreviewed
CVE-2017-9120 was published May 14, 2022
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the... Critical Unreviewed
CVE-2018-7226 was published May 14, 2022
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a... Critical Unreviewed
CVE-2018-19199 was published May 14, 2022
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.*... Critical Unreviewed
CVE-2018-1126 was published May 14, 2022
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell... Critical Unreviewed
CVE-2017-5953 was published May 14, 2022
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot... Critical Unreviewed
CVE-2016-5762 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API