GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
160 advisories
Filter by severity
node-stringbuilder vulnerable to Out-of-bounds Read
High
CVE-2024-21524
was published
for
node-stringbuilder
(npm)
Jul 10, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
CVE-2024-5629
was published
for
pymongo
(pip)
Jun 5, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Moderate
CVE-2024-36124
was published
for
org.iq80.snappy:snappy
(Maven)
Jun 4, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor
High
CVE-2024-36114
was published
for
io.airlift:aircompressor
(Maven)
Jun 2, 2024
dotmesh arbitrary file read and/or write
High
CVE-2020-26312
was published
for
github.com/dotmesh-io/dotmesh
(Go)
May 14, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Moderate
CVE-2024-29857
was published
for
BouncyCastle
(Maven)
May 14, 2024
PyMongo Out-of-bounds Read in the bson module
Moderate
GHSA-cr6f-gf5w-vhrc
was published
for
pymongo
(pip)
Apr 6, 2024
•
withdrawn
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Low
CVE-2024-27094
was published
for
@openzeppelin/contracts
(npm)
Feb 29, 2024
Vyper's `extract32` can ready dirty memory
Low
CVE-2024-24564
was published
for
vyper
(pip)
Feb 26, 2024
Onnx Out-of-bounds Read vulnerability
Moderate
CVE-2024-27319
was published
for
onnx
(pip)
Feb 23, 2024
PaddlePaddle segfault in paddle.mode
Moderate
CVE-2023-38678
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
Markdown vulnerable to Out-of-bounds Read while parsing citations
High
CVE-2023-42821
was published
for
github.com/gomarkdown/markdown
(Go)
Sep 22, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
hson-java vulnerable to denial of service
High
CVE-2023-39685
was published
for
org.hjson:hjson
(Maven)
Sep 1, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Moderate
CVE-2023-28448
was published
for
versionize
(Rust)
Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
High
CVE-2023-25659
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation
Critical
CVE-2023-25668
was published
for
tensorflow
(pip)
Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
High
CVE-2023-25658
was published
for
tensorflow
(pip)
Mar 24, 2023
Deno improperly handles resizable ArrayBuffer
Critical
CVE-2023-28445
was published
for
Deno
(Rust)
Mar 23, 2023
google.golang.org/protobuf vulnerable to panic leading to denial of service
High
CVE-2023-24535
was published
for
google.golang.org/protobuf
(Go)
Mar 14, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical
CVE-2023-26489
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
partial_sort contains Out-of-bounds Read in release mode
Moderate
GHSA-5x36-7567-3cw6
was published
for
partial_sort
(Rust)
Feb 28, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical
CVE-2022-4203
was published
for
openssl-src
(Rust)
Feb 8, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Moderate
GHSA-hxp2-xqf3-v83h
was published
for
github.com/pion/dtls
(Go)
Feb 7, 2023
ProTip!
Advisories are also available from the
GraphQL API