Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Missing release of memory in sized-chunks High
CVE-2020-25794 was published for sized-chunks (Rust) Aug 25, 2021
Missing Release of Memory after Effective Lifetime in detect-character-encoding High
CVE-2021-39176 was published for detect-character-encoding (npm) Sep 1, 2021
crossbeam-channel Undefined Behavior before v0.4.4 High
CVE-2020-15254 was published for crossbeam-channel (Rust) Aug 25, 2021
Missing release of memory in sized-chunks High
CVE-2020-25795 was published for sized-chunks (Rust) Aug 25, 2021
Undertow vulnerable to memory exhaustion due to buffer leak High
CVE-2021-3690 was published for io.undertow:undertow-core (Maven) Jul 15, 2022
CometBFT may duplicate transactions in the mempool's data structures High
CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
otrack
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability High
CVE-2023-5954 was published for github.com/hashicorp/vault (Go) Nov 9, 2023
Wildfly-OpenSSL memory leak flaw High
CVE-2020-25644 was published for org.wildfly.openssl:wildfly-openssl-natives-parent (Maven) May 24, 2022
Remote Denial of Service Vulnerability in Microsoft QUIC High
GHSA-2x7m-gf85-3745 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Mar 13, 2024
MsQuic Remote Denial of Service Vulnerability High
CVE-2023-36435 was published for Microsoft.Native.Quic.MsQuic.OpenSSL (NuGet) Oct 10, 2023
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
adamspofford-dfinity
Pyopenssl Incorrect Memory Management High
CVE-2018-1000808 was published for pyopenssl (pip) Oct 10, 2018
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
andrewpollock
go-crypto-winnative BCryptGenerateSymmetricKey memory leak High
CVE-2025-25199 was published for github.com/microsoft/go-crypto-winnative (Go) Feb 12, 2025
clarkb7
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout High
CVE-2025-1634 was published for io.quarkus:quarkus-resteasy (Maven) Feb 26, 2025
r3kumar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database