Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack Moderate
CVE-2020-5234 was published for MessagePack (NuGet) Jan 31, 2020
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd()... Moderate Unreviewed
CVE-2018-1071 was published May 13, 2022
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer... Moderate Unreviewed
CVE-2018-10839 was published May 13, 2022
NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an... Moderate Unreviewed
CVE-2019-10974 was published May 24, 2022
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service ... Moderate Unreviewed
CVE-2021-30496 was published May 24, 2022
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017... Moderate Unreviewed
CVE-2021-39845 was published May 24, 2022
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw... Moderate Unreviewed
CVE-2022-2078 was published Jul 1, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... Moderate Unreviewed
CVE-2022-35867 was published Aug 4, 2022
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows... Moderate Unreviewed
CVE-2022-1355 was published Sep 1, 2022
snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38752 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
mprins
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38750 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38749 was published for be.cylab:snakeyaml (Maven) Sep 6, 2022
snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Moderate
CVE-2022-38751 was published for org.yaml:snakeyaml (Maven) Sep 6, 2022
Jettison parser crash by stackoverflow Moderate
CVE-2022-40149 was published for org.codehaus.jettison:jettison (Maven) Sep 17, 2022
coheigea
Snakeyaml vulnerable to Stack overflow leading to denial of service Moderate
CVE-2022-41854 was published for org.yaml:snakeyaml (Maven) Nov 11, 2022
peter-janssen p3pijn
atul-exabeam fabien-chebel sfblackl-intel
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the ... Moderate Unreviewed
CVE-2017-16264 was published Jan 12, 2023
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005... Moderate Unreviewed
CVE-2023-21610 was published Jan 18, 2023
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... Moderate Unreviewed
CVE-2022-43625 was published Mar 29, 2023
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at ... Moderate Unreviewed
CVE-2023-29583 was published Apr 24, 2023
A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected... Moderate Unreviewed
CVE-2023-2676 was published May 12, 2023
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. Moderate Unreviewed
CVE-2023-2837 was published May 22, 2023
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected... Moderate Unreviewed
CVE-2023-2923 was published May 27, 2023
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an... Moderate Unreviewed
CVE-2023-3195 was published Jun 16, 2023
Jettison parser crash by stackoverflow Moderate
GHSA-xqcq-j8w9-3pxv was published for com.tencyle.fixes:org.codehaus.jettison--jettison (Maven) Aug 1, 2023
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the... Moderate Unreviewed
CVE-2023-4273 was published Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API