Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

282 advisories

Loading
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK... Critical Unreviewed
CVE-2017-18187 was published May 13, 2022
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The... Critical Unreviewed
CVE-2018-14087 was published May 13, 2022
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the... Critical Unreviewed
CVE-2018-14084 was published May 13, 2022
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an... Critical Unreviewed
CVE-2018-14086 was published May 13, 2022
Improper input validation together with an integer overflow in the EAP-TLS protocol... Critical Unreviewed
CVE-2018-11574 was published May 13, 2022
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex... Critical Unreviewed
CVE-2016-10141 was published May 13, 2022
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory... Critical Unreviewed
CVE-2016-8859 was published May 13, 2022
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0... Critical Unreviewed
CVE-2018-9838 was published May 13, 2022
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44,... Critical Unreviewed
CVE-2010-4203 was published May 13, 2022
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to... Critical Unreviewed
CVE-2010-4202 was published May 13, 2022
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage... Critical Unreviewed
CVE-2010-3729 was published May 13, 2022
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm... Critical Unreviewed
CVE-2016-5344 was published May 13, 2022
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on... Critical Unreviewed
CVE-2018-5095 was published May 13, 2022
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in... Critical Unreviewed
CVE-2018-7225 was published May 13, 2022
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows... Critical Unreviewed
CVE-2017-14062 was published May 13, 2022
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. Critical Unreviewed
CVE-2018-1084 was published May 13, 2022
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which... Critical Unreviewed
CVE-2018-17963 was published May 13, 2022
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis... Critical Unreviewed
CVE-2018-11219 was published May 13, 2022
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which... Critical Unreviewed
CVE-2016-2177 was published May 13, 2022
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow... Critical Unreviewed
CVE-2016-9558 was published May 13, 2022
An integer overflow vulnerability exists in the X509 certificate parsing functionality of... Critical Unreviewed
CVE-2017-2782 was published May 13, 2022
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing... Critical Unreviewed
CVE-2017-2892 was published May 13, 2022
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of... Critical Unreviewed
CVE-2017-2921 was published May 13, 2022
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible... Critical Unreviewed
CVE-2016-8704 was published May 13, 2022
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for... Critical Unreviewed
CVE-2016-8705 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database