GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,714
Erlang: 34
GitHub Actions: 28
Go: 2,301
Maven: 5,000+
npm: 3,942
NuGet: 711
pip: 3,711
Pub: 12
RubyGems: 920
Rust: 960
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
298 advisories
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Critical | Unreviewed | CVE-2022-23990 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for...
Critical | Unreviewed | CVE-2022-23852 was published Feb 10, 2022
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to...
Critical | Unreviewed | CVE-2022-23943 was published Mar 15, 2022
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond...
Critical | Unreviewed | CVE-2022-28615 was published Jun 10, 2022
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based...
Critical | Unreviewed | CVE-2025-23016 was published Jan 10, 2025
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the...
Critical | Unreviewed | CVE-2017-1000158 was published May 13, 2022
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus...
Critical | Unreviewed | CVE-2012-6706 was published May 14, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c...
Critical | Unreviewed | CVE-2017-9199 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c...
Critical | Unreviewed | CVE-2017-9200 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c...
Critical | Unreviewed | CVE-2017-9161 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in...
Critical | Unreviewed | CVE-2017-9196 was published May 13, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c...
Critical | Unreviewed | CVE-2017-9198 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c...
Critical | Unreviewed | CVE-2017-9186 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c...
Critical | Unreviewed | CVE-2017-9197 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c...
Critical | Unreviewed | CVE-2017-9187 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c...
Critical | Unreviewed | CVE-2017-9184 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c...
Critical | Unreviewed | CVE-2017-9185 was published May 17, 2022
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c...
Critical | Unreviewed | CVE-2017-9162 was published May 17, 2022
An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw...
Critical | Unreviewed | CVE-2017-6889 was published May 17, 2022
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch...
Critical | Unreviewed | CVE-2017-6350 was published May 14, 2022
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0...
Critical | Unreviewed | CVE-2017-6349 was published May 14, 2022
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow...
Critical | Unreviewed | CVE-2016-9558 was published May 13, 2022
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set...
Critical | Unreviewed | CVE-2017-5885 was published May 14, 2022
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell...
Critical | Unreviewed | CVE-2017-5953 was published May 14, 2022
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which...
Critical | Unreviewed | CVE-2016-9132 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API.