GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
118 advisories
Filter by severity
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
High
CVE-2024-36129
was published
for
go.opentelemetry.io/collector/config/configgrpc
(Go)
Jun 5, 2024
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
High
CVE-2024-30253
was published
for
@solana/web3.js
(npm)
Apr 17, 2024
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
High
CVE-2023-28638
was published
for
Snappier
(NuGet)
Mar 27, 2023
go-codec-dagpb vulnerable to panic when decoding invalid blocks
High
CVE-2022-2584
was published
for
github.com/ipld/go-codec-dagpb
(Go)
Dec 28, 2022
protobuf-cpp and protobuf-python have potential Denial of Service issue
High
CVE-2022-1941
was published
for
protobuf
(pip)
Sep 23, 2022
WASM3 Improper Input Validation vulnerability
High
CVE-2022-39974
was published
for
pywasm3
(pip)
Sep 21, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
High
CVE-2022-36086
was published
for
linked_list_allocator
(Rust)
Sep 16, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-1073
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-1065
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0969
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0811
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0812
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0767
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0713
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0712
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0711
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
ChakraCore RCE Vulnerability
High
CVE-2020-0710
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
Remote code execution in ASP.NET Core
High
CVE-2020-0603
was published
for
Microsoft.AspNetCore.All
(NuGet)
May 24, 2022
Out of bounds memory access in github.com/open-policy-agent/opa
High
CVE-2022-28946
was published
for
github.com/open-policy-agent/opa
(Go)
May 20, 2022
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2012-3444
was published
for
Django
(pip)
May 17, 2022
Pillow Buffer overflow in Jpeg2KEncode.c
High
CVE-2016-3076
was published
for
pillow
(pip)
May 17, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-0224
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-0235
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-0234
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API