GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Unexpected server crash in Next.js
Moderate
CVE-2022-36046
was published
for
next
(npm)
Aug 30, 2022
Authz Module Non-Determinism
Moderate
CVE-2021-41135
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Oct 21, 2021
Denial of Service (DoS) in mongo-express
Moderate
CVE-2021-23372
was published
for
mongo-express
(npm)
Oct 6, 2021
Crash due to erroneous `StatusOr` in TensorFlow
Moderate
CVE-2022-23590
was published
for
tensorflow
(pip)
Feb 9, 2022
Froxlor contains Unchecked Error Condition
Moderate
CVE-2023-0572
was published
for
froxlor/froxlor
(Composer)
Jan 30, 2023
Improper Check for Unusual or Exceptional Conditions in json-smart
Moderate
CVE-2021-27568
was published
for
net.minidev:json-smart
(Maven)
Jun 16, 2021
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Moderate
CVE-2021-33605
was published
for
com.vaadin:vaadin-checkbox-flow
(Maven)
Aug 30, 2021
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Moderate
CVE-2023-23626
was published
for
github.com/ipfs/go-bitfield
(Go)
Feb 10, 2023
OctoRPKI crashes when max iterations is reached
Moderate
CVE-2022-3616
was published
for
github.com/cloudflare/cfrpki
(Go)
Oct 31, 2022
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Moderate
CVE-2023-34449
was published
for
ink
(Rust)
Jun 14, 2023
Electron context isolation bypass via nested unserializable return value
Moderate
CVE-2023-29198
was published
for
electron
(npm)
Sep 6, 2023
Mattermost denial of service vulnerability
Moderate
CVE-2023-5967
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Shopware improper mail validation vulnerability
Moderate
CVE-2023-34099
was published
for
shopware/shopware
(Composer)
Jun 28, 2023
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Moderate
CVE-2024-23650
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Mattermost crashes web clients via a malformed custom status
Moderate
CVE-2024-4182
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Moderate
CVE-2024-39832
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Moderate
CVE-2023-23931
was published
for
cryptography
(pip)
Feb 7, 2023
Potential Captcha Validate Bypass in flask-session-captcha
Moderate
CVE-2022-24880
was published
for
flask-session-captcha
(pip)
Apr 26, 2022
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
Incomplete validation in `SparseSparseMinimum`
Moderate
CVE-2021-29607
was published
for
tensorflow
(pip)
Mar 18, 2022
Insufficient validation when decoding a Socket.IO packet
Moderate
CVE-2023-32695
was published
for
socket.io-parser
(npm)
May 23, 2023
socket.io has an unhandled 'error' event
Moderate
CVE-2024-38355
was published
for
socket.io
(npm)
Jun 19, 2024
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
CVE-2024-24567
was published
for
vyper
(pip)
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API