GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
376 advisories
Filter by severity
Decompressors can crash the JVM and leak memory content in Aircompressor
High
CVE-2024-36114
was published
for
io.airlift:aircompressor
(Maven)
Jun 2, 2024
Buffer Overflow in gitea
High
CVE-2021-3382
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
High
CVE-2024-21661
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 18, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability
Low
CVE-2022-39394
was published
for
wasmtime
(Rust)
Feb 1, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
concat built-in can corrupt memory in vyper
High
CVE-2024-22419
was published
for
vyper
(pip)
Jan 19, 2024
PaddlePaddle stack overflow in paddle.linalg.lu_unpack
High
CVE-2023-52307
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle heap buffer overflow in paddle.repeat_interleave
High
CVE-2023-52309
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
PaddlePaddle stack overflow in paddle.searchsorted
High
CVE-2023-52304
was published
for
PaddlePaddle
(pip)
Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
JLine vulnerable to out of memory error
Moderate
CVE-2023-50572
was published
for
org.jline:jline-parent
(Maven)
Dec 29, 2023
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
hyavijava stack overflow vulnerability
Critical
CVE-2023-51084
was published
for
com.github:hyavijava
(Maven)
Dec 27, 2023
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
High
CVE-2023-51080
was published
for
cn.hutool:hutool-core
(Maven)
Dec 27, 2023
DOS by abusing `fetchOptions.retry`.
High
CVE-2023-49800
was published
for
nuxt-api-party
(npm)
Dec 11, 2023
Elasticsearch vulnerable to stack overflow in the search API
Moderate
CVE-2023-31419
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Moderate
CVE-2023-46136
was published
for
werkzeug
(pip)
Oct 25, 2023
Electron affected by libvpx's heap buffer overflow in vp8 encoding
High
CVE-2023-5217
was published
for
electron
(npm)
Sep 28, 2023
Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
High
CVE-2023-42443
was published
for
vyper
(pip)
Sep 20, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Heap-based buffer overflow in ZBar
Critical
CVE-2023-40889
was published
for
zbar
(pip)
Aug 29, 2023
etcd denial of service vulnerability
High
CVE-2022-34038
was published
for
go.etcd.io/etcd/v3
(Go)
Aug 22, 2023
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API