Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Firepad allows insecure document access Low
CVE-2024-51210 was published for firepad (npm) Dec 4, 2024
`ruzstd` uninit and out-of-bounds memory reads Moderate
GHSA-x3f4-45xf-rjm7 was published for ruzstd (Rust) Dec 2, 2024
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs High
CVE-2024-35371 was published for io.antmedia:ant-media-server (Maven) Nov 29, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Ollama Out-of-bounds Read High
CVE-2024-39720 was published for github.com/ollama/ollama (Go) Oct 31, 2024
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder Moderate
CVE-2024-24826 was published for exiv2 (pip) Oct 17, 2024
westonsteimel
node-stringbuilder vulnerable to Out-of-bounds Read High
CVE-2024-21524 was published for node-stringbuilder (npm) Jul 10, 2024
PyMongo Out-of-bounds Read in the bson module Moderate
CVE-2024-5629 was published for pymongo (pip) Jun 5, 2024
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash Moderate
CVE-2024-36124 was published for org.iq80.snappy:snappy (Maven) Jun 4, 2024
Decompressors can crash the JVM and leak memory content in Aircompressor High
CVE-2024-36114 was published for io.airlift:aircompressor (Maven) Jun 2, 2024
ptaoussanis Marcono1234
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. Moderate
CVE-2024-29857 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
PyMongo Out-of-bounds Read in the bson module Moderate
GHSA-cr6f-gf5w-vhrc was published for pymongo (pip) Apr 6, 2024 withdrawn
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory Low
CVE-2024-27094 was published for @openzeppelin/contracts (npm) Feb 29, 2024
rholterhus
Vyper's `extract32` can ready dirty memory Low
CVE-2024-24564 was published for vyper (pip) Feb 26, 2024
trocher
Onnx Out-of-bounds Read vulnerability Moderate
CVE-2024-27319 was published for onnx (pip) Feb 23, 2024
iarspider
PaddlePaddle segfault in paddle.mode Moderate
CVE-2023-38678 was published for PaddlePaddle (pip) Jan 3, 2024
Markdown vulnerable to Out-of-bounds Read while parsing citations High
CVE-2023-42821 was published for github.com/gomarkdown/markdown (Go) Sep 22, 2023
NSEcho
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses Low
CVE-2023-41051 was published for vm-memory (Rust) Sep 4, 2023
Manishearth
hson-java vulnerable to denial of service High
CVE-2023-39685 was published for org.hjson:hjson (Maven) Sep 1, 2023
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch High
CVE-2023-25659 was published for tensorflow (pip) Mar 24, 2023
dengyinlin
TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation Critical
CVE-2023-25668 was published for tensorflow (pip) Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database