GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
276 advisories
Filter by severity
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
High
CVE-2022-40151
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Dec 30, 2022
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0773
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
High
CVE-2018-12086
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
High
CVE-2018-11778
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0592
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0611
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0769
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0771
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore
High
CVE-2019-0609
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
High
GHSA-34vw-m4rh-r36p
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes
High
CVE-2020-1912
was published
for
hermes-engine
(npm)
May 24, 2022
Uncontrolled Recursion in Akka HTTP
High
CVE-2021-42697
was published
for
com.typesafe.akka:akka-http
(Maven)
May 24, 2022
Jettison Out-of-bounds Write vulnerability
High
CVE-2022-45693
was published
for
org.codehaus.jettison:jettison
(Maven)
Dec 13, 2022
Jettison Out-of-bounds Write vulnerability
High
CVE-2022-45685
was published
for
org.codehaus.jettison:jettison
(Maven)
Dec 13, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints
High
CVE-2022-31054
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption
High
CVE-2021-42279
was published
for
Microsoft.ChakraCore
(NuGet)
May 24, 2022
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
High
CVE-2022-35939
was published
for
tensorflow
(pip)
Sep 16, 2022
LIEF vulnerable to heap based buffer overflow via print_binary function
High
CVE-2022-38495
was published
for
lief
(pip)
Sep 14, 2022
opcua Vulnerable to Out-of-bounds Write
High
CVE-2022-25903
was published
for
opcua
(Rust)
Aug 25, 2022
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
High
CVE-2022-29208
was published
for
tensorflow
(pip)
May 24, 2022
Denial of Service due to parser crash
High
CVE-2022-40153
was published
for
com.fasterxml.woodstox:woodstox-core
(Maven)
Sep 17, 2022
•
withdrawn
FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
High
CVE-2022-41900
was published
for
tensorflow
(pip)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API