Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath Credited to likebreath
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Overflow/denial of service in `tf.raw_ops.ReverseSequence` Low
CVE-2021-29575 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `MaxPool3DGradGrad` Low
CVE-2021-29576 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `AvgPool3DGrad` Low
CVE-2021-29577 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `FractionalAvgPoolGrad` Low
CVE-2021-29578 was published for tensorflow (pip) May 21, 2021
Heap buffer overflow in `MaxPoolGrad` Low
CVE-2021-29579 was published for tensorflow (pip) May 21, 2021
Vyper's external calls can overflow return data to return input buffer Low
CVE-2024-24560 was published for vyper (pip) Feb 2, 2024
zobront Credited to zobront
Vyper's `_abi_decode` vulnerable to Memory Overflow Low
CVE-2024-26149 was published for vyper (pip) Feb 26, 2024
minaminao-osec Credited to minaminao-osec
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow Low
CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 withdrawn
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow Low
CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 withdrawn
flavorjones Credited to flavorjones
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices Low
GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) Oct 21, 2025
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability Low
CVE-2025-15506 was published for opencolorio (pip) Jan 11, 2026
Open Chinese Convert has Out-of-bounds Write Low
CVE-2025-15536 was published for opencc (npm) Jan 18, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database