GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,779
Erlang: 36
GitHub Actions: 29
Go: 2,338
Maven: 5,000+
npm: 3,972
NuGet: 714
pip: 3,769
Pub: 12
RubyGems: 923
Rust: 976
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,523 advisories
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7638 was published May 13, 2022.

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7637 was published May 13, 2022.

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7588 was published May 13, 2022.

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash...
Severity: High. Unreviewed. CVE-2019-10903 was published May 13, 2022.

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7641 was published May 13, 2022.

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7639 was published May 13, 2022.

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs...
Severity: High. Unreviewed. CVE-2018-7640 was published May 13, 2022.

WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1...
Severity: High. Unreviewed. CVE-2017-14226 was published May 13, 2022.

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the ...
Severity: High. Unreviewed. CVE-2018-5802 was published May 13, 2022.

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in...
Severity: High. Unreviewed. CVE-2017-5848 was published May 13, 2022.

The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins...
Severity: High. Unreviewed. CVE-2017-5847 was published May 13, 2022.

The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier...
Severity: High. Unreviewed. CVE-2017-15672 was published May 13, 2022.

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the...
Severity: High. Unreviewed. CVE-2018-13300 was published May 13, 2022.

Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3...
Severity: High. Unreviewed. CVE-2017-11399 was published May 13, 2022.

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows...
Severity: High. Unreviewed. CVE-2017-11719 was published May 13, 2022.

The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in...
Severity: High. Unreviewed. CVE-2015-8397 was published May 13, 2022.

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a...
Severity: High. Unreviewed. CVE-2016-10244 was published May 13, 2022.

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900...
Severity: High. Unreviewed. CVE-2018-19541 was published May 13, 2022.

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of...
Severity: High. Unreviewed. CVE-2017-9814 was published May 13, 2022.

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the...
Severity: High. Unreviewed. CVE-2019-3823 was published May 13, 2022.

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive...
Severity: High. Unreviewed. CVE-2016-5842 was published May 13, 2022.

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to...
Severity: High. Unreviewed. CVE-2018-1303 was published May 13, 2022.

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a...
Severity: High. Unreviewed. CVE-2017-7483 was published May 13, 2022.

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information...
Severity: High. Unreviewed. CVE-2015-8948 was published May 13, 2022.

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by...
Severity: High. Unreviewed. CVE-2016-6262 was published May 13, 2022.

ProTip! Advisories are also available from the GraphQL API.