GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Pyopenssl Incorrect Memory Management
High
CVE-2018-1000808
was published
for
pyopenssl
(pip)
Oct 10, 2018
Missing release of memory in sized-chunks
High
CVE-2020-25795
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Missing release of memory in sized-chunks
High
CVE-2020-25794
was published
for
sized-chunks
(Rust)
Aug 25, 2021
crossbeam-channel Undefined Behavior before v0.4.4
High
CVE-2020-15254
was published
for
crossbeam-channel
(Rust)
Aug 25, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding
High
CVE-2021-39176
was published
for
detect-character-encoding
(npm)
Sep 1, 2021
Wildfly-OpenSSL memory leak flaw
High
CVE-2020-25644
was published
for
org.wildfly.openssl:wildfly-openssl-natives-parent
(Maven)
May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin
High
CVE-2020-2322
was published
for
io.jenkins.plugins:chaos-monkey
(Maven)
May 24, 2022
Undertow vulnerable to memory exhaustion due to buffer leak
High
CVE-2021-3690
was published
for
io.undertow:undertow-core
(Maven)
Jul 15, 2022
CometBFT may duplicate transactions in the mempool's data structures
High
CVE-2023-34451
was published
for
github.com/cometbft/cometbft
(Go)
Jul 5, 2023
MsQuic Remote Denial of Service Vulnerability
High
CVE-2023-36435
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Oct 10, 2023
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
High
CVE-2023-5954
was published
for
github.com/hashicorp/vault
(Go)
Nov 9, 2023
Remote Denial of Service Vulnerability in Microsoft QUIC
High
GHSA-2x7m-gf85-3745
was published
for
Microsoft.Native.Quic.MsQuic.OpenSSL
(NuGet)
Mar 13, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
High
CVE-2024-7884
was published
for
ic_cdk
(Rust)
Sep 5, 2024
ProTip!
Advisories are also available from the
GraphQL API