GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
High
CVE-2020-36242
was published
for
cryptography
(pip)
Feb 10, 2021
pgx SQL Injection via Protocol Message Size Overflow
High
CVE-2024-27304
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
High
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
Integer overflow in TFLite memory allocation
High
CVE-2021-29605
was published
for
tensorflow
(pip)
May 21, 2021
Integer overflow in TFLite concatentation
Moderate
CVE-2021-29601
was published
for
tensorflow
(pip)
May 21, 2021
Integer Overflow or Wraparound in Google TensorFlow
Critical
CVE-2018-7575
was published
for
tensorflow
(pip)
Apr 30, 2019
TensorFlow has segfault in array_ops.upper_bound
High
CVE-2023-33976
was published
for
tensorflow
(pip)
Jul 30, 2024
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Critical
GHSA-q5fm-55c2-v6j9
was published
for
fiona
(pip)
Jul 16, 2024
HTTP/2 HPACK integer overflow and buffer allocation
High
CVE-2023-36478
was published
for
org.eclipse.jetty.http2:http2-hpack
(Maven)
Oct 10, 2023
Integer overflow in BCrypt class in Spring Security
Moderate
CVE-2022-22976
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
BoringSSLAEADContext in Netty Repeats Nonces
Moderate
CVE-2024-36121
was published
for
io.netty.incubator:netty-incubator-codec-ohttp
(Maven)
Jun 5, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
Mercurial mishandles integer addition and subtraction
Critical
CVE-2018-13347
was published
for
mercurial
(pip)
May 13, 2022
CosmWasm affected by arithmetic overflows
Low
GHSA-8724-5xmm-w5xq
was published
for
cosmwasm-std
(Rust)
Apr 24, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Moderate
GHSA-mc39-h54g-pvw6
was published
for
libdav1d-sys
(Rust)
Apr 5, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
Integer overflow in chunking helper causes dispatching to miss elements or panic
High
CVE-2024-27101
was published
for
github.com/authzed/spicedb
(Go)
Mar 1, 2024
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate
CVE-2021-43784
was published
for
github.com/opencontainers/runc
(Go)
Dec 7, 2021
Integer Overflow or Wraparound in Apache Tomcat
Moderate
CVE-2014-0075
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
Vapor contains an integer overflow in URI leading to potential host spoofing
Moderate
CVE-2024-21631
was published
for
github.com/vapor/vapor
(Swift)
Jan 3, 2024
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Critical
CVE-2023-45853
was published
for
pyminizip
(pip)
Oct 14, 2023
Buffer overrun in CGI.escape_html
Critical
CVE-2021-41816
was published
for
cgi
(RubyGems)
Dec 14, 2021
PyCryptodome Integer overflow vulnerability
High
CVE-2018-15560
was published
for
pycryptodome
(pip)
Aug 27, 2018
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
ProTip!
Advisories are also available from the
GraphQL API