GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
235 advisories

mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the...
High | Unreviewed | CVE-2024-24259 was published Feb 5, 2024

mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the...
High | Unreviewed | CVE-2024-24258 was published Feb 5, 2024

gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the...
High | Unreviewed | CVE-2024-24265 was published Feb 5, 2024

gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the...
High | Unreviewed | CVE-2024-24267 was published Feb 5, 2024

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a...
High | Unreviewed | CVE-2022-42319 was published Nov 1, 2022

Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.
High | Unreviewed | CVE-2023-33049 was published Feb 6, 2024

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential...
High | Unreviewed | CVE-2023-5156 was published Sep 25, 2023

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in...
High | Unreviewed | CVE-2024-22563 was published Jan 19, 2024

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be...
High | Unreviewed | CVE-2023-28366 was published Sep 1, 2023

In canvas rendering, a compromised content process could have caused a surface to change...
High | Unreviewed | CVE-2023-5170 was published Sep 27, 2023

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will...
High | Unreviewed | CVE-2023-3592 was published Oct 2, 2023

A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol...
High | Unreviewed | CVE-2024-21611 was published Jan 12, 2024

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to...
High | Unreviewed | CVE-2020-16949 was published May 24, 2022

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
High | CVE-2023-5954 was published for github.com/hashicorp/vault (Go) Nov 9, 2023

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version...
High | Unreviewed | CVE-2023-0248 was published Dec 14, 2023

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes...
High | Unreviewed | CVE-2023-48090 was published Nov 20, 2023

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An...
High | Unreviewed | CVE-2021-3905 was published Aug 24, 2022

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
High | Unreviewed | CVE-2019-20388 was published May 24, 2022

CometBFT may duplicate transactions in the mempool's data structures
High | CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023

Missing permission checks in Jenkins Chaos Monkey Plugin
High | CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5...
High | Unreviewed | CVE-2022-20785 was published May 5, 2022

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA)...
High | Unreviewed | CVE-2020-3572 was published May 24, 2022

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance ...
High | Unreviewed | CVE-2020-3373 was published May 24, 2022

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE)...
High | Unreviewed | CVE-2019-1708 was published May 24, 2022

There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta...
High | Unreviewed | CVE-2021-42522 was published Aug 26, 2022

ProTip! Advisories are also available from the GraphQL API