Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

226 advisories

Loading
Unaligned memory access in rand_core Critical
CVE-2020-25576 was published for rand_core (Rust) Aug 25, 2021
rillian
Unsoundness in bigint Critical
CVE-2020-35880 was published for bigint (Rust) Aug 25, 2021
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution High
CVE-2022-41828 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Oct 12, 2022
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Possible out of bounds access due to improper input validation during graphics profiling in... High Unreviewed
CVE-2021-35105 was published Apr 2, 2022
Possible buffer overflow to improper validation of hash segment of file while allocating memory... High Unreviewed
CVE-2021-35110 was published Apr 2, 2022
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP... Moderate Unreviewed
CVE-2022-0322 was published Mar 26, 2022
Possible out of bounds read due to improper typecasting while handling page fault for global... High Unreviewed
CVE-2021-35091 was published Jun 15, 2022
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that... High Unreviewed
CVE-2016-4709 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10... High Unreviewed
CVE-2016-7655 was published May 17, 2022
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that... High Unreviewed
CVE-2016-4710 was published May 17, 2022
In audio DSP, there is a possible memory corruption due to improper casting. This could lead to... Moderate Unreviewed
CVE-2022-21786 was published Jul 7, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c... Critical Unreviewed
CVE-2017-9183 was published May 17, 2022
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and... High Unreviewed
CVE-2017-2962 was published May 17, 2022
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion... High Unreviewed
CVE-2017-2995 was published May 14, 2022
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Memory corruption in display driver due to incorrect type casting while accessing the fence... High Unreviewed
CVE-2022-25715 was published Jan 9, 2023
AWS Redshift JDBC Driver fails to validate class type during object instantiation High
GHSA-5c6q-f783-h888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) Sep 30, 2022
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to... Critical Unreviewed
CVE-2019-2097 was published May 24, 2022
Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon... High Unreviewed
CVE-2022-22102 was published Sep 3, 2022
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X... Critical Unreviewed
CVE-2016-6992 was published May 13, 2022
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion... Critical Unreviewed
CVE-2018-4920 was published May 14, 2022
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt... High Unreviewed
CVE-2021-43537 was published Dec 9, 2021
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to... High Unreviewed
CVE-2020-7081 was published May 24, 2022
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override... Moderate Unreviewed
CVE-2020-13293 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database