GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Logic error in Legion of the Bouncy Castle BC Java
High
CVE-2020-28052
was published
for
org.bouncycastle:bcprov-ext-jdk15on
(Maven)
Apr 30, 2021
Missing Handler in @scandipwa/magento-scripts
Moderate
CVE-2021-32684
was published
for
@scandipwa/magento-scripts
(npm)
Jun 21, 2021
Drainage of FeeCollector's Block Transaction Fees in cronos
High
CVE-2021-43839
was published
for
github.com/crypto-org-chain/cronos
(Go)
Jan 6, 2022
Ansible unsafe evaluation of some strings
High
CVE-2014-2686
was published
for
ansible
(pip)
May 17, 2022
Always-Incorrect Control Flow Implementation in Facebook Hermes
Critical
CVE-2020-1914
was published
for
hermes-engine
(npm)
May 24, 2022
bson-objectid contains Improper input validation
High
CVE-2019-19729
was published
for
bson-objectid
(npm)
May 24, 2022
Multiple evaluation of contract address in call in vyper
High
CVE-2022-29255
was published
for
vyper
(pip)
Jun 6, 2022
Incorrect handling of invalid surrogate pair characters
High
CVE-2022-31116
was published
for
ujson
(pip)
Jul 5, 2022
Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Moderate
CVE-2022-35917
was published
for
@solana/pay
(npm)
Aug 6, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Moderate
CVE-2022-39354
was published
for
evm
(Rust)
Oct 25, 2022
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Moderate
CVE-2022-41884
was published
for
tensorflow
(pip)
Nov 21, 2022
Incorrect success value returned in vyper
High
CVE-2023-30629
was published
for
vyper
(pip)
Apr 24, 2023
Vyper's nonpayable default functions are sometimes payable
Moderate
CVE-2023-32675
was published
for
vyper
(pip)
May 22, 2023
Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log
Moderate
CVE-2023-39152
was published
for
org.jenkins-ci.plugins:gradle
(Maven)
Jul 26, 2023
Vyper: reversed order of side effects for some operations
Moderate
CVE-2023-40015
was published
for
vyper
(pip)
Sep 4, 2023
incorrect order of evaluation of side effects for some builtins
Moderate
CVE-2023-41052
was published
for
vyper
(pip)
Sep 4, 2023
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointer
High
CVE-2023-41058
was published
for
parse-server
(npm)
Sep 4, 2023
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
High
CVE-2023-23623
was published
for
electron
(npm)
Sep 6, 2023
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Moderate
CVE-2023-41338
was published
for
github.com/gofiber/fiber
(Go)
Sep 8, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Moderate
CVE-2023-49798
was published
for
@openzeppelin/contracts
(npm)
Dec 12, 2023
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Moderate
GHSA-6xch-2vxx-5pvr
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
ProTip!
Advisories are also available from the
GraphQL API