Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

121 advisories

Loading
Sentencepiece has a a heap overflow issue High
CVE-2026-1260 was published for sentencepiece (pip) Jan 22, 2026
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC High
CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) Jun 5, 2024
jpkrohling Credited to jpkrohling, arminru, mx-psi, and stamparm arminru arminru
mx-psi mx-psi stamparm stamparm
Handling untrusted input can result in a crash, leading to loss of availability / denial of service High
CVE-2024-30253 was published for @solana/web3.js (npm) Apr 17, 2024
FixedLocally Credited to FixedLocally and steveluscher steveluscher steveluscher
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer High
CVE-2023-28638 was published for Snappier (NuGet) Mar 27, 2023
brantburnett Credited to brantburnett
Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks High
GHSA-967g-cjx4-h7j6 was published for github.com/ipld/go-codec-dagpb (Go) Dec 28, 2022 withdrawn
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service High
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
anonymous-nlp-student Credited to anonymous-nlp-student
protobuf-cpp and protobuf-python have potential Denial of Service issue High
CVE-2022-1941 was published for protobuf (pip) Sep 23, 2022
kse3hi Credited to kse3hi
WASM3 Improper Input Validation vulnerability High
CVE-2022-39974 was published for pywasm3 (pip) Sep 21, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` High
CVE-2022-36086 was published for linked_list_allocator (Rust) Sep 16, 2022
evanrichter Credited to evanrichter
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter Credited to evanrichter
ChakraCore RCE Vulnerability High
CVE-2020-1073 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-1065 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0969 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0811 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0812 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0767 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0713 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0712 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0711 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
ChakraCore RCE Vulnerability High
CVE-2020-0710 was published for Microsoft.ChakraCore (NuGet) May 24, 2022
Remote code execution in ASP.NET Core High
CVE-2020-0603 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022
skofman1 Credited to skofman1
Out of bounds memory access in github.com/open-policy-agent/opa High
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2012-3444 was published for Django (pip) May 17, 2022
sunSUNQ Credited to sunSUNQ
Pillow Buffer overflow in Jpeg2KEncode.c High
CVE-2016-3076 was published for pillow (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database