GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
297 advisories
Filter by severity
lz4-sys vulnerable to memory corruption via issue in liblz4
Critical
GHSA-9q5j-jm53-v7vr
was published
for
lz4-sys
(Rust)
Sep 1, 2022
Integer overflow in publify_core
Critical
CVE-2022-1812
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound...
Critical
Unreviewed
CVE-2022-23884
was published
Mar 29, 2022
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in...
Critical
Unreviewed
CVE-2009-0947
was published
Apr 21, 2022
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing...
Critical
Unreviewed
CVE-2017-2892
was published
May 13, 2022
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of...
Critical
Unreviewed
CVE-2017-2921
was published
May 13, 2022
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP...
Critical
Unreviewed
CVE-2016-4345
was published
May 17, 2022
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that...
Critical
Unreviewed
CVE-2017-5340
was published
May 14, 2022
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects...
Critical
Unreviewed
CVE-2016-9063
was published
May 14, 2022
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and...
Critical
Unreviewed
CVE-2017-9120
was published
May 14, 2022
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows...
Critical
Unreviewed
CVE-2016-4346
was published
May 14, 2022
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote...
Critical
Unreviewed
CVE-2016-3078
was published
May 17, 2022
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in...
Critical
Unreviewed
CVE-2016-5770
was published
May 14, 2022
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows...
Critical
Unreviewed
CVE-2016-4344
was published
May 17, 2022
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote...
Critical
Unreviewed
CVE-2020-28020
was published
May 24, 2022
An integer overflow was addressed with improved input validation. This issue is fixed in Security...
Critical
Unreviewed
CVE-2022-26775
was published
May 27, 2022
A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality...
Critical
Unreviewed
CVE-2021-21795
was published
May 24, 2022
An integer overflow issue was addressed with improved input validation. This issue is fixed in...
Critical
Unreviewed
CVE-2022-26711
was published
May 27, 2022
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond...
Critical
Unreviewed
CVE-2022-28615
was published
Jun 10, 2022
Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile...
Critical
Unreviewed
CVE-2022-25651
was published
Jun 15, 2022
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM)...
Critical
Unreviewed
CVE-2023-0077
was published
Jan 5, 2023
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32...
Critical
Unreviewed
CVE-2022-22721
was published
Mar 15, 2022
Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC...
Critical
Unreviewed
CVE-2016-6999
was published
May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c...
Critical
Unreviewed
CVE-2017-9198
was published
May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c...
Critical
Unreviewed
CVE-2017-9184
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API