GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Devise does not properly perform type conversion when performing database queries
Moderate
CVE-2013-0233
was published
for
devise
(RubyGems)
Oct 24, 2017
crack does not properly restrict casts of string values
High
CVE-2013-1800
was published
for
crack
(RubyGems)
Oct 24, 2017
extlib does not properly restrict casts of string values
High
CVE-2013-1802
was published
for
extlib
(RubyGems)
Oct 24, 2017
Unsound casting in flatbuffers
Critical
CVE-2019-25004
was published
for
flatbuffers
(Rust)
Aug 25, 2021
Dangling reference in flatbuffers
High
CVE-2020-35864
was published
for
flatbuffers
(Rust)
Aug 25, 2021
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
High
CVE-2020-35865
was published
for
os_str_bytes
(Rust)
Aug 25, 2021
Unaligned memory access in rand_core
Critical
CVE-2020-25576
was published
for
rand_core
(Rust)
Aug 25, 2021
Cachet vulnerable to forced reinstall
High
CVE-2021-39173
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Improperly checked metadata on tools/armour itemstacks received from the client
High
GHSA-46c5-pfj8-fv65
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Improper Input Validation in IpMatcher
Critical
CVE-2021-33318
was published
for
IpMatcher
(NuGet)
May 17, 2022
Incorrect Privilege Assignment in Jenkins Script Security Plugin
High
CVE-2019-10355
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
pg-native and libpq vulnerable to uncontrolled resource consumption
High
CVE-2022-25852
was published
for
libpq
(npm)
Jun 18, 2022
Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation
High
GHSA-5c6q-f783-h888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Sep 30, 2022
•
withdrawn
com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution
High
CVE-2022-41828
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
Oct 12, 2022
`CHECK` fail in `BCast` overflow
Moderate
CVE-2022-41890
was published
for
tensorflow
(pip)
Nov 21, 2022
Invalid char to bool conversion when printing a tensor
Moderate
CVE-2022-41911
was published
for
tensorflow
(pip)
Nov 21, 2022
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
High
CVE-2022-1642
was published
for
github.com/apple/swift-corelibs-foundation
(Swift)
Jun 7, 2023
Weaviate denial of service vulnerability
High
CVE-2023-38976
was published
for
github.com/weaviate/weaviate
(Go)
Aug 22, 2023
ProTip!
Advisories are also available from the
GraphQL API