Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,347
Erlang
31
GitHub Actions
22
Go
2,117
Maven
5,000+
npm
3,768
NuGet
680
pip
3,457
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,780 advisories

Loading
Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this... Moderate Unreviewed
CVE-2024-57958 was published Feb 6, 2025
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server... Moderate Unreviewed
CVE-2024-24911 was published Feb 6, 2025
Information disclosure while processing information on firmware image during core initialization. Moderate Unreviewed
CVE-2024-38414 was published Feb 3, 2025
Information disclosure during audio playback. Moderate Unreviewed
CVE-2024-38416 was published Feb 3, 2025
Information disclosure while processing IO control commands. Moderate Unreviewed
CVE-2024-38417 was published Feb 3, 2025
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to... Moderate Unreviewed
CVE-2025-20643 was published Feb 3, 2025
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to... Moderate Unreviewed
CVE-2025-20640 was published Feb 3, 2025
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow... Moderate Unreviewed
CVE-2023-27892 was published May 2, 2023
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component... Moderate Unreviewed
CVE-2023-29941 was published May 5, 2023
This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A... Moderate Unreviewed
CVE-2023-27945 was published May 8, 2023
In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to... Moderate Unreviewed
CVE-2017-13318 was published Jan 28, 2025
In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read... Moderate Unreviewed
CVE-2017-13317 was published Jan 28, 2025
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3... Moderate Unreviewed
CVE-2025-24092 was published Jan 28, 2025
A path handling issue was addressed with improved validation. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-24115 was published Jan 28, 2025
Windows Remote Access Connection Manager Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-30039 was published May 14, 2024
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in... Moderate Unreviewed
CVE-2024-54478 was published Jan 28, 2025
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-54507 was published Jan 28, 2025
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2,... Moderate Unreviewed
CVE-2024-54518 was published Jan 28, 2025
Information disclosure while handling T2LM Action Frame in WLAN Host. Moderate Unreviewed
CVE-2023-43537 was published Jun 3, 2024
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could... Moderate Unreviewed
CVE-2023-20719 was published May 16, 2023
An unauthenticated remote attacker can read memory out of bounds due to improper input validation... Moderate Unreviewed
CVE-2024-26000 was published Mar 12, 2024
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might... Moderate Unreviewed
CVE-2024-7347 was published Aug 14, 2024
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... Moderate Unreviewed
CVE-2025-21530 was published Jan 21, 2025
In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing... Moderate Unreviewed
CVE-2018-9383 was published Jan 18, 2025
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated... Moderate Unreviewed
CVE-2024-9843 was published Nov 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database