GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Logic error in Legion of the Bouncy Castle BC Java
High
CVE-2020-28052
was published
for
org.bouncycastle:bcprov-ext-jdk15on
(Maven)
Apr 30, 2021
Drainage of FeeCollector's Block Transaction Fees in cronos
High
CVE-2021-43839
was published
for
github.com/crypto-org-chain/cronos
(Go)
Jan 6, 2022
Ansible unsafe evaluation of some strings
High
CVE-2014-2686
was published
for
ansible
(pip)
May 17, 2022
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
Multiple evaluation of contract address in call in vyper
High
CVE-2022-29255
was published
for
vyper
(pip)
Jun 6, 2022
Incorrect handling of invalid surrogate pair characters
High
CVE-2022-31116
was published
for
ujson
(pip)
Jul 5, 2022
Incorrect success value returned in vyper
High
CVE-2023-30629
was published
for
vyper
(pip)
Apr 24, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
High
CVE-2023-23623
was published
for
electron
(npm)
Sep 6, 2023
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Contract balance not updating correctly after interchain transaction
High
CVE-2024-37153
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Denial of service in quinn-proto when using `Endpoint::retry()`
High
CVE-2024-45311
was published
for
quinn-proto
(Rust)
Sep 3, 2024
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
High
CVE-2024-38365
was published
for
github.com/btcsuite/btcd
(Go)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API