GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
184 advisories
Filter by severity
Rack rubygems receiving excessively long lines triggers out-of-memory error
Moderate
CVE-2013-0183
was published
for
rack
(RubyGems)
Oct 24, 2017
Pillow Buffer overflow in ImagingLibTiffDecode
Moderate
CVE-2016-0740
was published
for
pillow
(pip)
Jul 24, 2018
Pillow buffer overflow in ImagingPcdDecode
High
CVE-2016-2533
was published
for
pillow
(pip)
Jul 24, 2018
Pillow Buffer overflow in ImagingFliDecode
High
CVE-2016-0775
was published
for
Pillow
(pip)
Jul 24, 2018
Pillow Integer overflow in ImagingResampleHorizontal
Critical
CVE-2016-4009
was published
for
pillow
(pip)
Jul 24, 2018
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
Nokogiri does not forbid namespace nodes in XPointer ranges
Critical
CVE-2016-4658
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
Heap-based buffer overflow in nokogiri
Moderate
CVE-2015-7499
was published
for
nokogiri
(RubyGems)
Sep 17, 2018
Excessive memory allocation
Moderate
CVE-2018-12541
was published
for
io.vertx:vertx-core
(Maven)
Oct 17, 2018
Pivotal Spring Framework DoS Attack with XML Input
Moderate
CVE-2015-3192
was published
for
org.springframework:spring-web
(Maven)
Oct 17, 2018
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
High
CVE-2017-1000118
was published
for
com.typesafe.akka:akka-http-core_2.11
(Maven)
Oct 22, 2018
Denial of Service in ethereumjs-vm
High
CVE-2018-19183
was published
for
ethereumjs-vm
(npm)
Nov 21, 2018
Py-EVM is vulnerable to arbitrary bytecode injection
High
CVE-2018-18920
was published
for
py-evm
(pip)
Nov 21, 2018
Stack Overflow in Apache Mesos
High
CVE-2018-11793
was published
for
org.apache.mesos:mesos
(Maven)
Mar 6, 2019
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
High
CVE-2018-8825
was published
for
tensorflow
(pip)
Apr 24, 2019
Improper Restriction of Operations within the Bounds of a Memory Buffer in Google TensorFlow
High
CVE-2018-10055
was published
for
tensorflow
(pip)
Apr 30, 2019
aubio Buffer Overflow vulnerability
Critical
CVE-2018-19800
was published
for
aubio
(pip)
Jul 26, 2019
user/group information can be corrupted across storing in fsimage and reading back from fsimage
High
CVE-2018-11768
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Nov 20, 2019
Denial of Service in Netty
High
CVE-2020-11612
was published
for
io.netty:netty-handler
(Maven)
Jun 15, 2020
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Critical
CVE-2020-14968
was published
for
jsrsasign
(npm)
Jun 26, 2020
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
Critical
CVE-2020-14967
was published
for
jsrsasign
(npm)
Jun 26, 2020
Denial of service in Netty
Moderate
CVE-2014-3488
was published
for
io.netty:netty-handler
(Maven)
Jun 30, 2020
Heap Based Buffer Overflow in libyaml
Critical
CVE-2013-6393
was published
for
libyaml
(npm)
Aug 31, 2020
ProTip!
Advisories are also available from the
GraphQL API