GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
evmos allows transferring unvested tokens after delegations
Low
CVE-2024-32873
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Vyper's `_abi_decode` input not validated in complex expressions
Moderate
CVE-2023-42460
was published
for
vyper
(pip)
Sep 26, 2023
Frontier's modexp precompile is slow for even modulus
High
CVE-2023-28431
was published
for
pallet-evm-precompile-modexp
(Rust)
Mar 21, 2023
OpenZeppelin Contracts contains Incorrect Calculation
Moderate
CVE-2023-26488
was published
for
@openzeppelin/contracts
(npm)
Mar 3, 2023
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars
High
CVE-2023-24533
was published
for
filippo.io/nistec
(Go)
Mar 1, 2023
Weight not properly refunded after EVM execution
Moderate
CVE-2022-39242
was published
for
pallet-ethereum
(Rust)
Sep 23, 2022
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
High
CVE-2022-31198
was published
for
@openzeppelin/contracts
(npm)
Aug 18, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Moderate
CVE-2022-31169
was published
for
cranelift-codegen
(Rust)
Jul 21, 2022
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Moderate
CVE-2022-31104
was published
for
cranelift-codegen
(Rust)
Jun 29, 2022
Uncontrolled Resource Consumption in fast-string-search
High
CVE-2022-22138
was published
for
fast-string-search
(npm)
Jun 18, 2022
Incorrect Calculation in moodle
Critical
CVE-2022-30600
was published
for
moodle/moodle
(Composer)
May 19, 2022
Incorrect Calculation in solana_rbpf
Critical
CVE-2022-23066
was published
for
solana_rbpf
(Rust)
May 10, 2022
Incorrect Calculation in github.com/open-policy-agent/opa
Moderate
CVE-2022-23628
was published
for
github.com/open-policy-agent/opa
(Go)
Feb 9, 2022
Incorrect Calculation in the MSR JavaScript Cryptography Library
High
CVE-2020-1026
was published
for
msrcrypto
(npm)
Jan 6, 2022
Segfault due to negative splits in `SplitV`
Moderate
CVE-2021-41222
was published
for
tensorflow
(pip)
Nov 10, 2021
missing clamps for decimal args in external functions
Moderate
CVE-2021-41122
was published
for
vyper
(pip)
Oct 6, 2021
Calculation error in ark-r1cs-std
Critical
CVE-2021-38194
was published
for
ark-r1cs-std
(Rust)
Aug 25, 2021
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Low
GHSA-xh2p-7p87-fhgh
was published
for
@liquity/contracts
(npm)
Aug 5, 2021
Consensus flaw during block processing in github.com/ethereum/go-ethereum
Moderate
CVE-2020-26265
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Shallow copy bug in geth
Moderate
CVE-2020-26241
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Erroneous Proof of Work calculation in geth
Moderate
CVE-2020-26240
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Incorrect Calculation in bigint-money
Low
GHSA-9r3m-mhfm-39cm
was published
for
bigint-money
(npm)
Sep 11, 2020
Sensitive Data Exposure in msrcrypto
Critical
CVE-2018-8319
was published
for
msrcrypto
(npm)
Sep 10, 2018
ProTip!
Advisories are also available from the
GraphQL API