GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
96 advisories
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause...
Moderate | Unreviewed | CVE-2023-31347 was published Feb 13, 2024

Vyper's sqrt doesn't define rounding behavior
Low | CVE-2025-26622 was published for vyper (pip) Feb 21, 2025

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95....
Moderate | Unreviewed | CVE-2019-20051 was published May 24, 2022

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote...
Moderate | Unreviewed | CVE-2016-7433 was published May 13, 2022

libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type...
High | Unreviewed | CVE-2017-8326 was published May 13, 2022

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest...
High | Unreviewed | CVE-2017-8905 was published May 13, 2022

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in...
Moderate | Unreviewed | CVE-2017-8932 was published May 13, 2022

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point...
Moderate | Unreviewed | CVE-2017-11537 was published May 13, 2022

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS...
High | Unreviewed | CVE-2017-12134 was published May 13, 2022

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Moderate | CVE-2022-31104 was published for cranelift-codegen (Rust) Jun 29, 2022

Cranelift vulnerable to miscompilation of constant values in division on AArch64
Moderate | CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts...
High | Unreviewed | CVE-2021-45960 was published Feb 10, 2022

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that...
High | Unreviewed | CVE-2025-4435 was published Jun 3, 2025

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with...
Moderate | Unreviewed | CVE-2024-11407 was published Nov 26, 2024

Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an...
Moderate | Unreviewed | CVE-2024-11176 was published Nov 20, 2024

matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
Low | CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and...
Moderate | Unreviewed | CVE-2025-55552 was published Sep 25, 2025

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow...
High | Unreviewed | CVE-2024-41011 was published Jul 18, 2024

Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files
Low | CVE-2025-48985 was published for ai (npm) Nov 7, 2025

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in...
Moderate | Unreviewed | CVE-2025-5372 was published Jul 4, 2025

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of...
High | Unreviewed | CVE-2026-21911 was published Jan 15, 2026