Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload High
CVE-2026-32319 was published for github.com/ellanetworks/core (Go) Mar 12, 2026
p1-aji Credited to p1-aji and p1-kgy p1-kgy p1-kgy
.NET Denial of Service Vulnerability High
CVE-2026-26127 was published for Microsoft.Bcl.Memory (NuGet) Mar 11, 2026
rbhanda Credited to rbhanda
ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write High
CVE-2026-28693 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
jakelodwick Credited to jakelodwick
Duplicate Advisory: .NET Denial of Service Vulnerability High
GHSA-c8gq-rhqh-wgwm was published for Microsoft.Bcl.Memory (NuGet) Mar 10, 2026 withdrawn
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer High
CVE-2025-67721 was published for io.airlift:aircompressor (Maven) Dec 12, 2025
kyakdan Credited to kyakdan, philippe-granet, and lhotari philippe-granet philippe-granet
lhotari lhotari
ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression High
CVE-2026-24481 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 24, 2026
LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS High
CVE-2025-12183 was published for at.yawk.lz4:lz4-java (Maven) Nov 28, 2025
Marcono1234 Credited to Marcono1234 and pjfanning pjfanning pjfanning
ImageMagick is vulnerable to an integer Overflow in TIM decoder leading to out of bounds read (32-bit only) High
CVE-2025-66628 was published for Magick.NET-Q16-AnyCPU (NuGet) Dec 10, 2025
Sumitshah00 Credited to Sumitshah00
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
Ollama Allows Out-of-Bounds Read High
CVE-2024-12055 was published for github.com/ollama/ollama (Go) Mar 20, 2025
Out-of-bounds Read in Ruby JSON Parser High
CVE-2025-27788 was published for json (RubyGems) Mar 12, 2025
Ollama Out-of-bounds Read High
CVE-2024-39720 was published for github.com/ollama/ollama (Go) Oct 31, 2024
Ant-Media-Server vulnerable to Improper Output Neutralization for Logs High
CVE-2024-35371 was published for io.antmedia:ant-media-server (Maven) Nov 29, 2024
Patchelf out-of-bounds read High
CVE-2022-44940 was published for patchelf (pip) Dec 20, 2022
Memory access due to code generation flaw in Cranelift module High
CVE-2021-32629 was published for cranelift-codegen (pip) Aug 25, 2021
typed-ast Out-of-bounds Read High
CVE-2019-19275 was published for typed-ast (pip) Dec 2, 2019
Asterix Heap-based Buffer Overflow High
CVE-2021-44144 was published for asterix_decoder (pip) May 24, 2022
Out of bounds read and write in Tensorflow High
CVE-2022-23574 was published for tensorflow (pip) Feb 9, 2022
Read and Write outside of bounds in TensorFlow High
CVE-2022-23560 was published for tensorflow (pip) Feb 9, 2022
Out of bounds read in Tensorflow High
CVE-2022-23592 was published for tensorflow (pip) Feb 9, 2022
Out of bounds read in Tensorflow High
CVE-2022-21730 was published for tensorflow (pip) Feb 9, 2022
Out of bounds read in Tensorflow High
CVE-2022-21728 was published for tensorflow (pip) Feb 9, 2022
Out of bounds read in Tensorflow High
CVE-2022-21726 was published for tensorflow (pip) Feb 9, 2022
Heap OOB in nested `tf.map_fn` with `RaggedTensor`s High
CVE-2021-37679 was published for tensorflow (pip) Aug 25, 2021
Heap OOB in boosted trees High
CVE-2021-37664 was published for tensorflow (pip) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database