GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
Heap-based Buffer Overflow in MicroPython
Moderate
CVE-2024-8946
was published
for
micropython-copy
(pip)
Sep 17, 2024
heap-buffer-overflow in MicroPython
Moderate
CVE-2024-8948
was published
for
micropython-copy
(pip)
Sep 17, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Elasticsearch StackOverflow vulnerability
Moderate
CVE-2024-37280
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 13, 2024
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Moderate
CVE-2024-29133
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
JLine vulnerable to out of memory error
Moderate
CVE-2023-50572
was published
for
org.jline:jline-parent
(Maven)
Dec 29, 2023
json-path Out-of-bounds Write vulnerability
Moderate
CVE-2023-51074
was published
for
com.jayway.jsonpath:json-path
(Maven)
Dec 27, 2023
Elasticsearch vulnerable to stack overflow in the search API
Moderate
CVE-2023-31419
was published
for
org.elasticsearch:elasticsearch
(Maven)
Oct 26, 2023
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Moderate
CVE-2023-46136
was published
for
werkzeug
(pip)
Oct 25, 2023
Jettison parser crash by stackoverflow
Moderate
GHSA-xqcq-j8w9-3pxv
was published
for
com.tencyle.fixes:org.codehaus.jettison--jettison
(Maven)
Aug 1, 2023
janino vulnerable to denial of service due to stack overflow
Moderate
CVE-2023-33546
was published
for
org.codehaus.janino:janino-parent
(Maven)
Jun 1, 2023
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
Moderate
CVE-2023-32981
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
May 16, 2023
XWiki Platform subject to Uncontrolled Resource Consumption
Moderate
CVE-2023-26470
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Mar 3, 2023
Apiman Manager API affected by Jackson denial of service vulnerability
Moderate
GHSA-q95j-488q-5q3p
was published
for
io.apiman:apiman-manager-api-impl
(Maven)
Jan 9, 2023
LIEF heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind
Moderate
CVE-2022-43171
was published
for
lief
(pip)
Nov 18, 2022
Snakeyaml vulnerable to Stack overflow leading to denial of service
Moderate
CVE-2022-41854
was published
for
org.yaml:snakeyaml
(Maven)
Nov 11, 2022
Wasmtime out of bounds read/write with zero-memory-pages configuration
Moderate
CVE-2022-39392
was published
for
wasmtime
(Rust)
Nov 10, 2022
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40160
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40158
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40159
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40157
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
JXPath Out-of-bounds Write vulnerability
Moderate
CVE-2022-40161
was published
for
commons-jxpath:commons-jxpath
(Maven)
Oct 6, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API