Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

101 advisories

Loading
TensorFlow has segfault in array_ops.upper_bound High
CVE-2023-33976 was published for tensorflow (pip) Jul 30, 2024
dmc1778
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
sgillies
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
CosmWasm affected by arithmetic overflows Low
GHSA-8724-5xmm-w5xq was published for cosmwasm-std (Rust) Apr 24, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow Moderate
GHSA-mc39-h54g-pvw6 was published for libdav1d-sys (Rust) Apr 5, 2024
transpose: Buffer overflow due to integer overflow Critical
GHSA-5gmm-6m36-r7jh was published for transpose (Rust) Apr 5, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow High
GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) Mar 4, 2024
paul-gerste-sonarsource
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Integer overflow in chunking helper causes dispatching to miss elements or panic High
CVE-2024-27101 was published for github.com/authzed/spicedb (Go) Mar 1, 2024
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim gwynne
baarde
HTTP/2 HPACK integer overflow and buffer allocation High
CVE-2023-36478 was published for org.eclipse.jetty.http2:http2-hpack (Maven) Oct 10, 2023
samalws-tob kaoudis
smichaels-tob joakime
.eth registrar controller can shorten the duration of registered names Moderate
CVE-2023-38698 was published for @ensdomains/ens-contracts (npm) Aug 1, 2023
snappy-java's Integer Overflow vulnerability in compress leads to DoS Moderate
CVE-2023-34454 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS Moderate
CVE-2023-34453 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware High
CVE-2022-31005 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding High
CVE-2022-24667 was published for github.com/apple/swift-nio-http2 (Swift) May 18, 2023
Vyper vulnerable to integer overflow in loop High
CVE-2023-32058 was published for vyper (pip) May 12, 2023
trocher
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
TensorFlow vulnerable to integer overflow in EditDistance High
CVE-2023-25662 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to segfault when opening multiframe gif Moderate
CVE-2023-25667 was published for tensorflow (pip) Mar 24, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
ProTip! Advisories are also available from the GraphQL API