GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Moderate
GHSA-3qx8-rv27-j6gp
was published
for
kvm-ioctls
(Rust)
Dec 23, 2024
Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability
Critical
GHSA-8rxm-6783-qh55
was published
for
System.Formats.Nrbf
(NuGet)
Nov 12, 2024
•
withdrawn
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34394
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Critical
CVE-2024-34393
was published
for
libxmljs2
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34391
was published
for
libxmljs
(npm)
May 2, 2024
libxmljs vulnerable to type confusion when parsing specially crafted XML
Critical
CVE-2024-34392
was published
for
libxmljs
(npm)
May 2, 2024
eyre: Parts of Report are dropped as the wrong type during downcast
High
GHSA-4v52-7q2x-v4xj
was published
for
eyre
(Rust)
Apr 5, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
Unsafe fall-through in getWhereConditions
Critical
CVE-2023-22579
was published
for
@sequelize/core
(npm)
Feb 23, 2023
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions
High
GHSA-r3vq-92c6-3mqf
was published
for
@sequelize/core
(npm)
Feb 16, 2023
•
withdrawn
Vulnerable OpenSSL included in cryptography wheels
High
CVE-2023-0286
was published
for
cryptography
(pip)
Feb 8, 2023
Type confusion if __private_get_type_id__ is overriden
Critical
CVE-2020-25575
was published
for
failure
(Rust)
Jun 16, 2022
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Moderate
CVE-2022-29209
was published
for
tensorflow
(pip)
May 24, 2022
Access of Resource Using Incompatible Type in Facebook Hermes
Critical
CVE-2020-1911
was published
for
hermes-engine
(npm)
May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption
High
CVE-2019-5815
was published
for
nokogiri
(RubyGems)
May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri
High
CVE-2019-13118
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type
High
CVE-2022-29181
was published
for
nokogiri
(RubyGems)
May 23, 2022
ChakraCore RCE Vulnerability
High
CVE-2016-7201
was published
for
Microsoft.ChakraCore
(NuGet)
May 14, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8384
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8291
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8298
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8229
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
ChakraCore RCE Vulnerability
High
CVE-2018-8133
was published
for
Microsoft.ChakraCore
(NuGet)
May 13, 2022
Type Confusion in LiveHelperChat
High
CVE-2022-1176
was published
for
remdex/livehelperchat
(Composer)
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API