GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,584 advisories
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized...
High | Unreviewed | CVE-2026-26178 was published Apr 14, 2026

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue...
High | Unreviewed | CVE-2026-25208 was published Apr 13, 2026

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability...
High | Unreviewed | CVE-2026-4154 was published Apr 11, 2026

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability...
High | Unreviewed | CVE-2026-4151 was published Apr 11, 2026

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability...
High | Unreviewed | CVE-2026-4150 was published Apr 11, 2026

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to...
High | Unreviewed | CVE-2026-5477 was published Apr 10, 2026

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to...
High | Unreviewed | CVE-2026-5870 was published Apr 9, 2026

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
High | CVE-2026-34589 was published for OpenEXR (pip) Apr 8, 2026

OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write
High | CVE-2026-34588 was published for OpenEXR (pip) Apr 8, 2026

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server...
High | Unreviewed | CVE-2026-24173 was published Apr 7, 2026

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of...
High | Unreviewed | CVE-2026-24450 was published Apr 7, 2026

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw...
High | Unreviewed | CVE-2026-24660 was published Apr 7, 2026

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw...
High | Unreviewed | CVE-2026-20884 was published Apr 7, 2026

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This...
High | Unreviewed | CVE-2026-5732 was published Apr 7, 2026

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
High | Unreviewed | CVE-2025-47392 was published Apr 6, 2026

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
High | CVE-2026-34544 was published for openexr (pip) Apr 3, 2026

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity...
High | Unreviewed | CVE-2026-35092 was published Apr 1, 2026

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an...
High | Unreviewed | CVE-2026-3308 was published Mar 31, 2026

libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling
High | CVE-2026-34219 was published for libp2p-gossipsub (Rust) Mar 30, 2026

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to...
High | Unreviewed | CVE-2026-3945 was published Mar 30, 2026

NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
High | CVE-2026-27889 was published for github.com/nats-io/nats-server (Go) Mar 25, 2026

An integer overflow was addressed with improved input validation. This issue is fixed in macOS...
High | Unreviewed | CVE-2026-20639 was published Mar 25, 2026

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer...
High | Unreviewed | CVE-2026-4775 was published Mar 24, 2026

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module...
High | Unreviewed | CVE-2026-27784 was published Mar 24, 2026

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability...
High | Unreviewed | CVE-2026-4694 was published Mar 24, 2026