GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
190 advisories
ChakraCore RCE Vulnerability (High): CVE-2016-7243 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022
Ruby OpenSSL DoS Vulnerability (High): CVE-2017-14033 was published for openssl (RubyGems) on May 14, 2022
Apache Tomcat does not properly handle an invalid Transfer-Encoding header (Moderate): CVE-2010-2227 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat (High): CVE-2016-6817 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022
Aubio is vulnerable to denial of service via aubio_pitch_set_unit function (High): CVE-2018-14522 was published for aubio (pip) on May 14, 2022
ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction (High): CVE-2017-11914 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022
ChakraCore vulnerable to remote code execution (High): CVE-2017-11909 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022
ChakraCore RCE Vulnerability (High): CVE-2017-11911 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022
ChakraCore vulnerable to remote code execution (High): CVE-2017-11893 was published for Microsoft.ChakraCore (NuGet) on May 14, 2022
ChakraCore vulnerable to privilege escalation (Critical): CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) on May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer (High): CVE-2018-17847 was published for golang.org/x/net (Go) on May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer (High): CVE-2018-17143 was published for golang.org/x/net (Go) on May 13, 2022
OpenStack Keystone Denial of Service vulnerability via a large HTTP request (Moderate): CVE-2013-0270 was published for keystone (pip) on May 5, 2022
Apache Tomcat DoS via Malicious Get Request (High): CVE-2002-2272 was published for org.apache.tomcat:tomcat (Maven) on Apr 30, 2022
ipld/go-codec-dagpb panics when processing certain blocks (High): GHSA-g3vv-g2j5-45f2 was published for github.com/ipld/go-codec-dagpb (Go) on Apr 8, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat (High): CVE-2020-13934 was published for org.apache.tomcat:tomcat (Maven) on Feb 8, 2022
Use of a Broken or Risky Cryptographic Algorithm in crypto2 (Critical): CVE-2021-45709 was published for crypto2 (Rust) on Jan 6, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV (Moderate): CVE-2017-17760 was published for opencv-contrib-python (pip) on Oct 12, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV (High): CVE-2017-12862 was published for opencv-contrib-python (pip) on Oct 12, 2021
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV (High): CVE-2017-12601 was published for opencv-contrib-python (pip) on Oct 12, 2021
Memory corruption when returning a literal struct with a private call inside of it (High): CVE-2021-41121 was published for vyper (pip) on Oct 12, 2021
crossbeam-channel Undefined Behavior before v0.4.4 (High): CVE-2020-15254 was published for crossbeam-channel (Rust) on Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API.