Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
BoringSSLAEADContext in Netty Repeats Nonces Moderate
CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) Jun 5, 2024
SalusaSecondus
libdav1d-sys affected by dav1d AV1 decoder integer overflow Moderate
GHSA-mc39-h54g-pvw6 was published for libdav1d-sys (Rust) Apr 5, 2024
Vapor contains an integer overflow in URI leading to potential host spoofing Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024
0xTim gwynne
baarde
.eth registrar controller can shorten the duration of registered names Moderate
CVE-2023-38698 was published for @ensdomains/ens-contracts (npm) Aug 1, 2023
snappy-java's Integer Overflow vulnerability in compress leads to DoS Moderate
CVE-2023-34454 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS Moderate
CVE-2023-34453 was published for org.xerial.snappy:snappy-java (Maven) Jun 15, 2023
srmish-jfrog
Buffer under-read in workerd Moderate
CVE-2023-2512 was published for workerd (npm) May 12, 2023
ubercomp
TensorFlow vulnerable to segfault when opening multiframe gif Moderate
CVE-2023-25667 was published for tensorflow (pip) Mar 24, 2023
TensorFlow vulnerable to Int overflow in `RaggedRangeOp` Moderate
CVE-2022-35940 was published for tensorflow (pip) Sep 16, 2022
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for frontier (Rust) Aug 18, 2022
`CHECK` failure in depthwise ops via overflows Moderate
GHSA-mw6j-hh29-h379 was published for tensorflow (pip) May 25, 2022
Integer overflow in `SpaceToBatchND` Moderate
CVE-2022-29203 was published for tensorflow (pip) May 24, 2022
Integer overflow in BCrypt class in Spring Security Moderate
CVE-2022-22976 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
SunBK201
Integer Overflow or Wraparound in Apache Tomcat Moderate
CVE-2014-0075 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Integer Overflow or Wraparound in JBCrypt Moderate
CVE-2015-0886 was published for org.mindrot:jbcrypt (Maven) May 13, 2022
Buffer Overflow in yajl-ruby Moderate
CVE-2022-24795 was published for yajl-ruby (RubyGems) Apr 5, 2022
jhawthorn
Integer overflow in Tensorflow Moderate
CVE-2022-23575 was published for tensorflow (pip) Feb 10, 2022
Integer overflow in Tensorflow Moderate
CVE-2022-23576 was published for tensorflow (pip) Feb 10, 2022
Memory exhaustion in Tensorflow Moderate
CVE-2022-21733 was published for tensorflow (pip) Feb 10, 2022
Overflow and uncaught divide by zero in Tensorflow Moderate
CVE-2022-21729 was published for tensorflow (pip) Feb 10, 2022
Integer overflow leading to crash in Tensorflow Moderate
CVE-2022-21738 was published for tensorflow (pip) Feb 9, 2022
Integer overflows in Tensorflow Moderate
CVE-2022-23567 was published for tensorflow (pip) Feb 9, 2022
Integer overflows in Tensorflow Moderate
CVE-2022-23568 was published for tensorflow (pip) Feb 9, 2022
Integer Overflow or Wraparound in TensorFlow Moderate
GHSA-wcv5-vrvr-3rx2 was published for tensorflow (pip) Feb 9, 2022
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC Moderate
CVE-2021-43784 was published for github.com/opencontainers/runc (Go) Dec 7, 2021
felixwilhelm
ProTip! Advisories are also available from the GraphQL API