GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Arbitrary code execution in clickhouse-driver
Critical
CVE-2020-26759
was published
for
clickhouse-driver
(pip)
Apr 7, 2021
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Critical
CVE-2020-35887
was published
for
arr
(Rust)
Aug 25, 2021
PCX P mode buffer overflow in Pillow
Critical
CVE-2020-5312
was published
for
Pillow
(pip)
Nov 3, 2021
Buffer Overflow in galois_2p8
Critical
CVE-2022-24988
was published
for
galois_2p8
(Rust)
Feb 15, 2022
Buffer Copy without Checking Size of Input in Pillow
Critical
CVE-2020-5311
was published
for
pillow
(pip)
May 24, 2022
SM2 Decryption Buffer Overflow
Critical
CVE-2021-3711
was published
for
openssl-src
(Rust)
May 24, 2022
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Critical
CVE-2021-37404
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Jun 14, 2022
X.509 Email Address 4-byte Buffer Overflow
Critical
CVE-2022-3602
was published
for
openssl-src
(Rust)
Nov 1, 2022
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
Critical
CVE-2023-26109
was published
for
node-bluetooth-serial-port
(npm)
Mar 9, 2023
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Critical
CVE-2023-26110
was published
for
node-bluetooth
(npm)
Mar 9, 2023
hutool Buffer Overflow vulnerability
Critical
CVE-2023-42277
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
hutool Buffer Overflow vulnerability
Critical
CVE-2023-42276
was published
for
cn.hutool:hutool-core
(Maven)
Sep 9, 2023
memory overflow vulnerability in OpenEXR-viewer
Critical
CVE-2023-50245
was published
for
afichet/openexr-viewer
(GitHub Actions)
Dec 12, 2023
StringIO buffer overread vulnerability
Critical
CVE-2024-27280
was published
for
stringio
(RubyGems)
Mar 25, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API