Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,857
Maven
5,000+
npm
4,488
NuGet
780
pip
4,243
Pub
12
RubyGems
975
Rust
1,095
Swift
49
Unreviewed advisories
All unreviewed
5,000+

248 advisories

Loading
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in... Moderate Unreviewed
CVE-2025-12781 was published Jan 21, 2026
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid... High Unreviewed
CVE-2025-39880 was published Sep 23, 2025
loggingredactor converts non-string types to string types in logs Low
CVE-2026-22041 was published for loggingredactor (pip) Jan 7, 2026
armurox
Credited to armurox
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Credited to JavierLeon9966
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had... High Unreviewed
CVE-2025-13720 was published Dec 2, 2025
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an... High Unreviewed
CVE-2018-12386 was published May 14, 2022
In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate... Moderate Unreviewed
CVE-2025-37746 was published May 1, 2025
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39589 was published Sep 18, 2024
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP... High Unreviewed
CVE-2024-39590 was published Sep 18, 2024
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage... High Unreviewed
CVE-2024-28130 was published Apr 23, 2024
Exposure of Sensitive Information to an Unauthorized Actor in nanoid Moderate
CVE-2021-23566 was published for nanoid (npm) Jan 21, 2022
baptistecs
Credited to baptistecs
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases,... High Unreviewed
CVE-2020-10735 was published Sep 10, 2022
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing... Moderate Unreviewed
CVE-2025-22044 was published Apr 16, 2025
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue... Critical Unreviewed
CVE-2022-3979 was published Nov 14, 2022
A type confusion vulnerability exists in the handling of the string addition (+) operation within... High Unreviewed
CVE-2025-62494 was published Oct 16, 2025
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via ... High Unreviewed
CVE-2017-8291 was published May 14, 2022
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the... High Unreviewed
CVE-2017-0037 was published May 17, 2022
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly... Moderate Unreviewed
CVE-2024-57839 was published Jan 11, 2025
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a... Critical Unreviewed
CVE-2010-20115 was published Aug 21, 2025
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution... High Unreviewed
CVE-2024-5436 was published May 31, 2024
An unauthenticated remote attacker can bypass the login to the web application of the affected... Critical Unreviewed
CVE-2025-41648 was published Jul 1, 2025
An unauthorized remote attacker can bypass the authentication of the affected software package by... Critical Unreviewed
CVE-2025-41646 was published Jun 6, 2025
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Low Unreviewed
CVE-2023-35816 was published Apr 28, 2025
The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor... High Unreviewed
CVE-2021-39989 was published Jan 4, 2022
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type... Moderate Unreviewed
CVE-2022-49873 was published May 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database