GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
High
CVE-2020-36242
was published
for
cryptography
(pip)
Feb 10, 2021
pgx SQL Injection via Protocol Message Size Overflow
High
CVE-2024-27304
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
pgproto3 SQL Injection via Protocol Message Size Overflow
High
GHSA-7jwh-3vrq-q3m8
was published
for
github.com/jackc/pgproto3
(Go)
Mar 4, 2024
Integer overflow in TFLite memory allocation
High
CVE-2021-29605
was published
for
tensorflow
(pip)
May 21, 2021
TensorFlow has segfault in array_ops.upper_bound
High
CVE-2023-33976
was published
for
tensorflow
(pip)
Jul 30, 2024
HTTP/2 HPACK integer overflow and buffer allocation
High
CVE-2023-36478
was published
for
org.eclipse.jetty.http2:http2-hpack
(Maven)
Oct 10, 2023
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
Integer overflow in chunking helper causes dispatching to miss elements or panic
High
CVE-2024-27101
was published
for
github.com/authzed/spicedb
(Go)
Mar 1, 2024
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
PyCryptodome Integer overflow vulnerability
High
CVE-2018-15560
was published
for
pycryptodome
(pip)
Aug 27, 2018
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
GHSA-c2v4-chx5-vff6
was published
for
commonmarker
(RubyGems)
Jan 4, 2024
•
withdrawn
Signature Malleabillity in elliptic
High
CVE-2020-13822
was published
for
elliptic
(npm)
Jul 29, 2020
Vyper vulnerable to integer overflow in loop
High
CVE-2023-32058
was published
for
vyper
(pip)
May 12, 2023
Integer overflow in github.com/gorilla/websocket
High
CVE-2020-27813
was published
for
github.com/gorilla/websocket
(Go)
May 18, 2021
Integer Overflow or Wraparound in NATS Server
High
CVE-2019-13126
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 18, 2021
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
High
CVE-2022-24667
was published
for
github.com/apple/swift-nio-http2
(Swift)
May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
High
GHSA-wfvq-p7qf-vv64
was published
for
github.com/apple/swift-nio-http2
(Swift)
Feb 11, 2022
•
withdrawn
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
High
CVE-2022-31005
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Integer Overflow/Infinite Loop in the http crate
High
CVE-2020-25574
was published
for
http
(Rust)
Aug 25, 2021
Integer overflow in solana_rbpf
High
CVE-2021-46102
was published
for
solana_rbpf
(Rust)
Jan 28, 2022
Integer Overflow in openssl-src
High
CVE-2021-23840
was published
for
openssl-src
(Rust)
Aug 25, 2021
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
High
CVE-2023-22895
was published
for
bzip2
(Rust)
Jan 10, 2023
TensorFlow vulnerable to integer overflow in EditDistance
High
CVE-2023-25662
was published
for
tensorflow
(pip)
Mar 24, 2023
ProTip!
Advisories are also available from the
GraphQL API