Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

77 advisories

Loading
PaddlePaddle stack overflow in paddle.linalg.lu_unpack High
CVE-2023-52307 was published for PaddlePaddle (pip) Jan 3, 2024
memory overflow vulnerability in OpenEXR-viewer Critical
CVE-2023-50245 was published for afichet/openexr-viewer (GitHub Actions) Dec 12, 2023
GAP-dev Credited to GAP-dev
free5gc Buffer Overflow vulnerability High
CVE-2023-47345 was published for github.com/free5gc/free5gc (Go) Nov 16, 2023
hutool Buffer Overflow vulnerability Critical
CVE-2023-42276 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
hutool Buffer Overflow vulnerability Critical
CVE-2023-42277 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
hutool Buffer Overflow vulnerability High
CVE-2023-42278 was published for cn.hutool:hutool-core (Maven) Sep 9, 2023
mattberry3 Credited to mattberry3
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
00xc Credited to 00xc
Heap buffer overflow in PaddlePaddle High
CVE-2023-38671 was published for paddlepaddle (pip) Jul 26, 2023
Uncontrolled Resource Consumption in LengthPrefixedMessageReader High
CVE-2021-36155 was published for github.com/grpc/grpc-swift (Swift) Jun 9, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder High
CVE-2022-31019 was published for github.com/vapor/vapor (Swift) Jun 7, 2023
weissi Credited to weissi
TensorFlow has Heap-buffer-overflow in AvgPoolGrad High
CVE-2023-25664 was published for tensorflow (pip) Mar 24, 2023
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel Critical
CVE-2023-26109 was published for node-bluetooth-serial-port (npm) Mar 9, 2023
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation Critical
CVE-2023-26110 was published for node-bluetooth (npm) Mar 9, 2023
XStream can cause Denial of Service via stack overflow High
CVE-2022-41966 was published for com.thoughtworks.xstream:xstream (Maven) Dec 29, 2022
Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite High
CVE-2022-41894 was published for tensorflow (pip) Nov 21, 2022
richardfan0606 Credited to richardfan0606
X.509 Email Address 4-byte Buffer Overflow Critical
CVE-2022-3602 was published for openssl-src (Rust) Nov 1, 2022
X.509 Email Address Variable Length Buffer Overflow High
CVE-2022-3786 was published for openssl-src (Rust) Nov 1, 2022
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 Critical
CVE-2021-37404 was published for org.apache.hadoop:hadoop-common (Maven) Jun 14, 2022
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
sunSUNQ Credited to sunSUNQ
Heap buffer overflow due to incorrect hash function in TensorFlow Moderate
CVE-2022-29210 was published for tensorflow (pip) May 24, 2022
Pion/DTLS contains buffer for inbound DTLS fragments with no limit Moderate
CVE-2022-29189 was published for github.com/pion/dtls (Go) May 24, 2022
SM2 Decryption Buffer Overflow Critical
CVE-2021-3711 was published for openssl-src (Rust) May 24, 2022
another-rex Credited to another-rex
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
Buffer Copy without Checking Size of Input in Pillow Critical
CVE-2020-5311 was published for pillow (pip) May 24, 2022
Buffer overflow in Jenkins WMI Windows Agents plugin Moderate
CVE-2022-30950 was published for org.jenkins-ci.plugins:windows-slaves (Maven) May 18, 2022
NotMyFault Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database