GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
285 advisories
There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful...
Critical | Unreviewed | CVE-2021-37095 was published Dec 8, 2021
There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful...
Critical | Unreviewed | CVE-2021-37065 was published Dec 8, 2021
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS...
Critical | Unreviewed | CVE-2021-26109 was published Dec 9, 2021
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the...
Critical | Unreviewed | CVE-2021-40417 was published Dec 23, 2021
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This...
Critical | Unreviewed | CVE-2021-45608 was published Dec 27, 2021
There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of...
Critical | Unreviewed | CVE-2021-39993 was published Jan 11, 2022
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer...
Critical | Unreviewed | CVE-2021-30636 was published Jan 25, 2022
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following...
Critical | Unreviewed | CVE-2021-26706 was published Jan 25, 2022
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Critical | Unreviewed | CVE-2022-23990 was published Feb 10, 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for...
Critical | Unreviewed | CVE-2022-23852 was published Feb 10, 2022
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical | Unreviewed | CVE-2022-22824 was published Feb 10, 2022
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical | Unreviewed | CVE-2022-22822 was published Feb 10, 2022
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical | Unreviewed | CVE-2022-22823 was published Feb 10, 2022
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer...
Critical | Unreviewed | CVE-2022-24310 was published Feb 11, 2022
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server...
Critical | Unreviewed | CVE-2022-25330 was published Feb 25, 2022
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful...
Critical | Unreviewed | CVE-2021-22480 was published Feb 26, 2022
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer...
Critical | Unreviewed | CVE-2022-26495 was published Mar 7, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Critical | Unreviewed | CVE-2021-42019 was published Mar 9, 2022
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32...
Critical | Unreviewed | CVE-2022-22721 was published Mar 15, 2022
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound...
Critical | Unreviewed | CVE-2022-23884 was published Mar 29, 2022
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in...
Critical | Unreviewed | CVE-2009-0947 was published Apr 21, 2022
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc...
Critical | Unreviewed | CVE-2021-27439 was published May 4, 2022
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function...
Critical | Unreviewed | CVE-2021-27433 was published May 4, 2022
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function,...
Critical | Unreviewed | CVE-2021-27435 was published May 4, 2022
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc...
Critical | Unreviewed | CVE-2021-27427 was published May 4, 2022
ProTip! Advisories are also available from the GraphQL API.