Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

183 advisories

Loading
extlib does not properly restrict casts of string values High
CVE-2013-1802 was published for extlib (RubyGems) Oct 24, 2017
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
Dangling reference in flatbuffers High
CVE-2020-35864 was published for flatbuffers (Rust) Aug 25, 2021
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked` High
CVE-2020-35865 was published for os_str_bytes (Rust) Aug 25, 2021
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt... High Unreviewed
CVE-2021-43537 was published Dec 9, 2021
The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor... High Unreviewed
CVE-2021-39989 was published Jan 4, 2022
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and... High Unreviewed
CVE-2021-30300 was published Jan 14, 2022
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a... High Unreviewed
CVE-2021-3578 was published Feb 17, 2022
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Possible buffer overflow to improper validation of hash segment of file while allocating memory... High Unreviewed
CVE-2021-35110 was published Apr 2, 2022
Possible out of bounds access due to improper input validation during graphics profiling in... High Unreviewed
CVE-2021-35105 was published Apr 2, 2022
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049... High Unreviewed
CVE-2018-3843 was published May 13, 2022
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion... High Unreviewed
CVE-2017-3106 was published May 13, 2022
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions... High Unreviewed
CVE-2015-5219 was published May 13, 2022
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This... High Unreviewed
CVE-2018-9568 was published May 13, 2022
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0... High Unreviewed
CVE-2010-1822 was published May 13, 2022
ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron... High Unreviewed
CVE-2018-8076 was published May 13, 2022
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45... High Unreviewed
CVE-2016-5263 was published May 13, 2022
MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a... High Unreviewed
CVE-2018-14379 was published May 13, 2022
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a... High Unreviewed
CVE-2018-15910 was published May 13, 2022
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a... High Unreviewed
CVE-2018-16513 was published May 13, 2022
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could... High Unreviewed
CVE-2018-15909 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... High Unreviewed
CVE-2018-9941 was published May 13, 2022
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations... High Unreviewed
CVE-2018-9942 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API