Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,831
Erlang
36
GitHub Actions
33
Go
2,451
Maven
5,000+
npm
4,073
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (pip) Aug 8, 2025
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (pip) Aug 8, 2025
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib Critical
GHSA-q5fm-55c2-v6j9 was published for fiona (pip) Jul 16, 2024
sgillies
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency Critical
CVE-2023-45853 was published for pyminizip (pip) Oct 14, 2023
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
lz4-sys vulnerable to memory corruption via issue in liblz4 Critical
GHSA-9q5j-jm53-v7vr was published for lz4-sys (Rust) Sep 1, 2022
Mercurial mishandles integer addition and subtraction Critical
CVE-2018-13347 was published for mercurial (pip) May 13, 2022
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
kir-b
Integer overflow in Pillow Critical
CVE-2020-5310 was published for pillow (pip) Nov 3, 2021
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
Integer Overflow or Wraparound in Google TensorFlow Critical
CVE-2018-7575 was published for tensorflow (pip) Apr 30, 2019
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server Critical
CVE-2017-7657 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database