Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow... High Unreviewed
CVE-2024-41011 was published Jul 18, 2024
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and... Moderate Unreviewed
CVE-2025-55552 was published Sep 25, 2025
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Credited to poljar
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an... Moderate Unreviewed
CVE-2024-11176 was published Nov 20, 2024
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with... Moderate Unreviewed
CVE-2024-11407 was published Nov 26, 2024
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in... Moderate Unreviewed
CVE-2025-5372 was published Jul 4, 2025
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that... High Unreviewed
CVE-2025-4435 was published Jun 3, 2025
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts... High Unreviewed
CVE-2021-45960 was published Feb 10, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64 Moderate
CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022
akirilov-arm
Credited to akirilov-arm
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs Moderate
CVE-2022-31104 was published for cranelift-codegen (Rust) Jun 29, 2022
alexcrichton MaineK00n
Credited to alexcrichton and MaineK00n
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS... High Unreviewed
CVE-2017-12134 was published May 13, 2022
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point... Moderate Unreviewed
CVE-2017-11537 was published May 13, 2022
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in... Moderate Unreviewed
CVE-2017-8932 was published May 13, 2022
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest... High Unreviewed
CVE-2017-8905 was published May 13, 2022
libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type... High Unreviewed
CVE-2017-8326 was published May 13, 2022
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote... Moderate Unreviewed
CVE-2016-7433 was published May 13, 2022
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95.... Moderate Unreviewed
CVE-2019-20051 was published May 24, 2022
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause... Moderate Unreviewed
CVE-2023-31347 was published Feb 13, 2024
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. Moderate Unreviewed
CVE-2024-25883 was published Feb 7, 2025
Erroneous Proof of Work calculation in geth Moderate
CVE-2020-26240 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
slavikus
Credited to slavikus
Shallow copy bug in geth Moderate
CVE-2020-26241 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
johnyangk
Credited to johnyangk
Vyper's `_abi_decode` input not validated in complex expressions Moderate
CVE-2023-42460 was published for vyper (pip) Sep 26, 2023
trocher
Credited to trocher
missing clamps for decimal args in external functions Moderate
CVE-2021-41122 was published for vyper (pip) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database