GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,654
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
282 advisories
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK...
Critical, Unreviewed. CVE-2017-18187 was published May 13, 2022.

An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The...
Critical, Unreviewed. CVE-2018-14087 was published May 13, 2022.

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the...
Critical, Unreviewed. CVE-2018-14084 was published May 13, 2022.

An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an...
Critical, Unreviewed. CVE-2018-14086 was published May 13, 2022.

Improper input validation together with an integer overflow in the EAP-TLS protocol...
Critical, Unreviewed. CVE-2018-11574 was published May 13, 2022.

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex...
Critical, Unreviewed. CVE-2016-10141 was published May 13, 2022.

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory...
Critical, Unreviewed. CVE-2016-8859 was published May 13, 2022.

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0...
Critical, Unreviewed. CVE-2018-9838 was published May 13, 2022.

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44,...
Critical, Unreviewed. CVE-2010-4203 was published May 13, 2022.

Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to...
Critical, Unreviewed. CVE-2010-4202 was published May 13, 2022.

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage...
Critical, Unreviewed. CVE-2010-3729 was published May 13, 2022.

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm...
Critical, Unreviewed. CVE-2016-5344 was published May 13, 2022.

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on...
Critical, Unreviewed. CVE-2018-5095 was published May 13, 2022.

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in...
Critical, Unreviewed. CVE-2018-7225 was published May 13, 2022.

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows...
Critical, Unreviewed. CVE-2017-14062 was published May 13, 2022.

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Critical, Unreviewed. CVE-2018-1084 was published May 13, 2022.

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which...
Critical, Unreviewed. CVE-2018-17963 was published May 13, 2022.

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis...
Critical, Unreviewed. CVE-2018-11219 was published May 13, 2022.

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which...
Critical, Unreviewed. CVE-2016-2177 was published May 13, 2022.

(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow...
Critical, Unreviewed. CVE-2016-9558 was published May 13, 2022.

An integer overflow vulnerability exists in the X509 certificate parsing functionality of...
Critical, Unreviewed. CVE-2017-2782 was published May 13, 2022.

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing...
Critical, Unreviewed. CVE-2017-2892 was published May 13, 2022.

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of...
Critical, Unreviewed. CVE-2017-2921 was published May 13, 2022.

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible...
Critical, Unreviewed. CVE-2016-8704 was published May 13, 2022.

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for...
Critical, Unreviewed. CVE-2016-8705 was published May 13, 2022.

ProTip! Advisories are also available from the GraphQL API.