Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

276 advisories

Loading
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow High
CVE-2022-40151 was published for com.thoughtworks.xstream:xstream (Maven) Dec 30, 2022
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0773 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua High
CVE-2018-12086 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow High
CVE-2018-11778 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0592 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0611 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0769 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0771 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
High severity vulnerability that affects Microsoft.ChakraCore High
CVE-2019-0609 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Data races in aovec High
CVE-2020-36207 was published for aovec (Rust) Aug 25, 2021
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM High
GHSA-34vw-m4rh-r36p was published for github.com/talos-systems/talos (Go) Sep 16, 2022
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes High
CVE-2020-1912 was published for hermes-engine (npm) May 24, 2022
Uncontrolled Recursion in Akka HTTP High
CVE-2021-42697 was published for com.typesafe.akka:akka-http (Maven) May 24, 2022
Jettison Out-of-bounds Write vulnerability High
CVE-2022-45693 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022
Jettison Out-of-bounds Write vulnerability High
CVE-2022-45685 was published for org.codehaus.jettison:jettison (Maven) Dec 13, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints High
CVE-2022-31054 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption High
CVE-2021-42279 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite High
CVE-2022-35939 was published for tensorflow (pip) Sep 16, 2022
LIEF vulnerable to heap based buffer overflow via print_binary function High
CVE-2022-38495 was published for lief (pip) Sep 14, 2022
Out-of-bounds write in libpng High
CVE-2018-14550 was published for libpng (NuGet) Mar 22, 2021
opcua Vulnerable to Out-of-bounds Write High
CVE-2022-25903 was published for opcua (Rust) Aug 25, 2022
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow High
CVE-2022-29208 was published for tensorflow (pip) May 24, 2022
Denial of Service due to parser crash High
CVE-2022-40153 was published for com.fasterxml.woodstox:woodstox-core (Maven) Sep 17, 2022 withdrawn
FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess High
CVE-2022-41900 was published for tensorflow (pip) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API