Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

12,724 advisories

Loading
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
Pillow Buffer overflow in ImagingLibTiffDecode Moderate
CVE-2016-0740 was published for Pillow (pip) Jul 24, 2018
Pillow buffer overflow in ImagingPcdDecode Moderate
CVE-2016-2533 was published for Pillow (pip) Jul 24, 2018
Pillow Buffer overflow in ImagingFliDecode Moderate
CVE-2016-0775 was published for Pillow (pip) Jul 24, 2018
Pillow Integer overflow in ImagingResampleHorizontal Critical
CVE-2016-4009 was published for Pillow (pip) Jul 24, 2018
redcarpet Buffer Overflow vulnerability High
CVE-2015-5147 was published for redcarpet (RubyGems) Aug 15, 2018
tdunlap607
Nokogiri does not forbid namespace nodes in XPointer ranges Critical
CVE-2016-4658 was published for nokogiri (RubyGems) Aug 21, 2018
Heap-based buffer overflow in nokogiri Moderate
CVE-2015-7499 was published for nokogiri (RubyGems) Sep 17, 2018
Excessive memory allocation Moderate
CVE-2018-12541 was published for io.vertx:vertx-core (Maven) Oct 17, 2018
tdunlap607
Pivotal Spring Framework DoS Attack with XML Input Moderate
CVE-2015-3192 was published for org.springframework:spring-web (Maven) Oct 17, 2018
sunSUNQ
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core High
CVE-2017-1000118 was published for com.typesafe.akka:akka-http-core_2.11 (Maven) Oct 22, 2018
Denial of Service in ethereumjs-vm High
CVE-2018-19183 was published for ethereumjs-vm (npm) Nov 21, 2018
Py-EVM is vulnerable to arbitrary bytecode injection High
CVE-2018-18920 was published for py-evm (pip) Nov 21, 2018
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
Stack Overflow in Apache Mesos High
CVE-2018-11793 was published for org.apache.mesos:mesos (Maven) Mar 6, 2019
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-8825 was published for tensorflow (pip) Apr 24, 2019
tdunlap607
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow High
CVE-2018-10055 was published for tensorflow (pip) Apr 30, 2019
aubio Buffer Overflow vulnerability Critical
CVE-2018-19800 was published for aubio (pip) Jul 26, 2019
Buffer Overflow in centra High
GHSA-v6cj-r88p-92rm was published for centra (npm) Sep 30, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage High
CVE-2018-11768 was published for org.apache.hadoop:hadoop-main (Maven) Nov 20, 2019
Denial of Service in Netty High
CVE-2020-11612 was published for io.netty:netty-handler (Maven) Jun 15, 2020
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign Critical
CVE-2020-14968 was published for jsrsasign (npm) Jun 26, 2020
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign Critical
CVE-2020-14967 was published for jsrsasign (npm) Jun 26, 2020
Denial of service in Netty Moderate
CVE-2014-3488 was published for io.netty:netty-handler (Maven) Jun 30, 2020
Heap Based Buffer Overflow in libyaml Critical
CVE-2013-6393 was published for libyaml (npm) Aug 31, 2020
ProTip! Advisories are also available from the GraphQL API