Search

Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

Advisories

All published security advisories for packages in the Julia ecosystem.

JLSEC-2026-492No summary availableMay 1, 2026 JLSEC-2026-373CVSS_V4No summary availableApr 25, 2026 JLSEC-2026-372CVSS_V4No summary availableApr 25, 2026 JLSEC-2026-497Medium 4.0Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bou…Apr 23, 2026 JLSEC-2026-496Medium 6.7Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of servi…Apr 23, 2026 JLSEC-2026-281CVSS_V4RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiatio…Apr 23, 2026 JLSEC-2026-280CVSS_V4Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive oper…Apr 23, 2026 JLSEC-2026-213CVSS_V4When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...Apr 20, 2026 JLSEC-2026-491No summary availableApr 18, 2026 JLSEC-2026-384No summary availableApr 16, 2026 JLSEC-2026-152Medium 4.0In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus Mak…Apr 12, 2026 JLSEC-2026-151Medium 4.0In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling…Apr 12, 2026 JLSEC-2026-353Medium 5.5No summary availableApr 10, 2026 JLSEC-2026-354High 7.8No summary availableApr 9, 2026 JLSEC-2026-498No summary availableApr 9, 2026 JLSEC-2026-277High 7.5Issue summary: Applications using RSASVE key encapsulation to establish a secret encrypti…Apr 7, 2026 JLSEC-2026-276Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string…Apr 7, 2026 JLSEC-2026-275High 7.5No summary availableApr 7, 2026 JLSEC-2026-274High 7.5Issue summary: During processing of a crafted CMS EnvelopedData message with...Apr 7, 2026 JLSEC-2026-273High 7.5No summary availableApr 7, 2026 JLSEC-2026-272No summary availableApr 7, 2026 JLSEC-2026-149No summary availableApr 6, 2026 JLSEC-2026-148No summary availableApr 6, 2026 JLSEC-2026-144No summary availableApr 6, 2026 JLSEC-2026-143No summary availableApr 6, 2026 JLSEC-2026-142No summary availableApr 6, 2026 JLSEC-2026-212Medium 4.7No summary availableApr 3, 2026 JLSEC-2026-462No summary availableApr 2, 2026 JLSEC-2026-78Medium 4.2No summary availableApr 2, 2026 JLSEC-2026-77Low 2.5No summary availableApr 2, 2026 JLSEC-2026-76Low 3.1No summary availableApr 2, 2026 JLSEC-2026-75Low 3.6No summary availableApr 2, 2026 JLSEC-2026-74High 7.5In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an ou…Apr 2, 2026 JLSEC-2026-467Critical 9.8Mbed TLS serialized session data is not cryptographically protectedApr 2, 2026 JLSEC-2026-371CVSS_V4A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function...Apr 2, 2026 JLSEC-2026-370CVSS_V4A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...Apr 2, 2026 JLSEC-2026-369CVSS_V4A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function.…Apr 2, 2026 JLSEC-2026-147No summary availableApr 1, 2026 JLSEC-2026-146No summary availableApr 1, 2026 JLSEC-2026-145No summary availableApr 1, 2026 JLSEC-2026-466Critical 9.1Mbed TLS peer can force the FFDH shared secret into a small set of valuesApr 1, 2026 JLSEC-2026-463Medium 5.1Mbed TLS timing side channel in RSA and CBC/ECB decryptionApr 1, 2026 JLSEC-2026-465Medium 6.7Mbed TLS may use a low entropy PRNG seedApr 1, 2026 JLSEC-2026-464High 7.7Mbed TLS might use cloned PSA random generator statesApr 1, 2026 JLSEC-2026-96No summary availableMar 26, 2026 JLSEC-2026-95No summary availableMar 26, 2026 JLSEC-2026-79No summary availableMar 25, 2026 JLSEC-2026-288CVSS_V4Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in …Mar 24, 2026 JLSEC-2026-159Medium 5.5No summary availableMar 20, 2026 JLSEC-2026-158CVSS_V4No summary availableMar 20, 2026 JLSEC-2026-5nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in CMar 18, 2026 JLSEC-2026-182No summary availableMar 17, 2026 JLSEC-2026-383No summary availableMar 16, 2026 JLSEC-2026-382No summary availableMar 16, 2026 JLSEC-2026-381No summary availableMar 16, 2026 JLSEC-2026-150High 7.4No summary availableMar 16, 2026 JLSEC-2026-271High 7.5Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key…Mar 13, 2026 JLSEC-2026-439High 7.5When doing a second SMB request to the same host again, curl would wrongly use a data poi…Mar 11, 2026 JLSEC-2026-438Medium 6.5curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, eve…Mar 11, 2026 JLSEC-2026-437Medium 5.3When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a…Mar 11, 2026 JLSEC-2026-436Medium 6.5No summary availableMar 11, 2026 JLSEC-2026-141No summary availableMar 3, 2026 JLSEC-2026-461Medium 5.3An integer overflow in the tt_var_load_item_variation_store function of the Freetype libr…Mar 2, 2026 JLSEC-2026-425Medium 4.6URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the outp…Feb 25, 2026 JLSEC-2026-140No summary availableFeb 24, 2026 JLSEC-2026-157No summary availableFeb 23, 2026 JLSEC-2026-486No summary availableFeb 23, 2026 JLSEC-2026-485No summary availableFeb 23, 2026 JLSEC-2026-484No summary availableFeb 23, 2026 JLSEC-2026-368CVSS_V4A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function...Feb 23, 2026 JLSEC-2026-367CVSS_V4A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects t…Feb 23, 2026 JLSEC-2026-366CVSS_V4A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is th…Feb 23, 2026 JLSEC-2026-116High 8.1Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_p…Feb 20, 2026 JLSEC-2026-352High 7.8No summary availableFeb 19, 2026 JLSEC-2026-480Low 2.9zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 beca…Feb 18, 2026 JLSEC-2026-56No summary availableFeb 12, 2026 JLSEC-2026-55No summary availableFeb 12, 2026 JLSEC-2026-54No summary availableFeb 12, 2026 JLSEC-2026-53No summary availableFeb 12, 2026 JLSEC-2026-11LIBPNG is a reference library for use in applications that read, create, and manipulate P…Feb 10, 2026 JLSEC-2026-380No summary availableJan 30, 2026 JLSEC-2026-270Medium 5.3Issue summary: A type confusion vulnerability exists in the signature verification of sig…Jan 27, 2026 JLSEC-2026-269Medium 5.5Issue summary: An invalid or NULL pointer dereference can happen in an application proces…Jan 27, 2026 JLSEC-2026-265High 7.5Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference…Jan 27, 2026 JLSEC-2026-264High 7.5Issue summary: A type confusion vulnerability exists in the TimeStamp Response verificati…Jan 27, 2026 JLSEC-2026-263High 7.4Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#1…Jan 27, 2026 JLSEC-2026-262Medium 4.0Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware…Jan 27, 2026 JLSEC-2026-261Medium 4.7Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering…Jan 27, 2026 JLSEC-2026-260Medium 5.9Issue summary: A TLS 1.3 connection using certificate compression can be forced to alloca…Jan 27, 2026 JLSEC-2026-10Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a …Jan 27, 2026 JLSEC-2026-9Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a …Jan 27, 2026 JLSEC-2026-258Medium 5.5Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB…Jan 27, 2026 JLSEC-2026-257Medium 5.9Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol …Jan 27, 2026 JLSEC-2026-256High 8.8Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parame…Jan 27, 2026 JLSEC-2026-255Medium 6.1Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigge…Jan 27, 2026 JLSEC-2026-379No summary availableJan 23, 2026 JLSEC-2026-189No summary availableJan 18, 2026 JLSEC-2026-115High 8.1Deno has an incomplete fix for command-injection prevention on Windows — case-insensiti…Jan 15, 2026 JLSEC-2026-114CVSS_V4Deno node:crypto doesn't finalize cipherJan 15, 2026 JLSEC-2026-8LIBPNG is a reference library for use in applications that read, create, and manipulate P…Jan 12, 2026 JLSEC-2026-7LIBPNG is a reference library for use in applications that read, create, and manipulate P…Jan 12, 2026 JLSEC-2026-431Low 3.1When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...Jan 8, 2026 JLSEC-2026-430Medium 5.3When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file…Jan 8, 2026 JLSEC-2026-429Medium 5.3When doing TLS related transfers with reused easy or multi handles and altering the ...Jan 8, 2026 JLSEC-2026-428Medium 5.3When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a…Jan 8, 2026 JLSEC-2026-427Medium 6.3When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS opti…Jan 8, 2026 JLSEC-2026-426Medium 5.9When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the cur…Jan 8, 2026 JLSEC-2026-156Medium 6.5No summary availableDec 29, 2025 JLSEC-2026-137No summary availableDec 23, 2025 JLSEC-2026-136No summary availableDec 23, 2025 JLSEC-2026-135No summary availableDec 23, 2025 JLSEC-2026-489Medium 6.5A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-…Dec 11, 2025 JLSEC-2026-488Medium 5.6A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to caus…Dec 10, 2025 JLSEC-2026-6LIBPNG is a reference library for use in applications that read, create, and manipulate P…Dec 3, 2025 JLSEC-2026-378No summary availableNov 28, 2025 JLSEC-2026-487No summary availableNov 26, 2025 JLSEC-2025-331LIBPNG is a reference library for use in applications that read, create, and manipulate P…Nov 25, 2025 JLSEC-2025-330LIBPNG is a reference library for use in applications that read, create, and manipulate P…Nov 25, 2025 JLSEC-2025-329LIBPNG is a reference library for use in applications that read, create, and manipulate P…Nov 25, 2025 JLSEC-2025-328LIBPNG is a reference library for use in applications that read, create, and manipulate P…Nov 25, 2025 JLSEC-2026-181No summary availableNov 18, 2025 JLSEC-2026-139No summary availableNov 10, 2025 JLSEC-2026-138No summary availableNov 10, 2025 JLSEC-2026-424Medium 4.3curl's code for managing SSH connections when SFTP was done using the wolfSSH powered bac…Nov 7, 2025 JLSEC-2026-153No summary availableNov 5, 2025 JLSEC-2025-233Padding oracle through timing of cipher error reportingOct 21, 2025 JLSEC-2025-232Side channel in RSA key generation and operations (SSBleed, M-Step)Oct 20, 2025 JLSEC-2026-89CVSS_V4No summary availableOct 10, 2025 JLSEC-2025-40Header injection/Response splitting via header construction.Oct 10, 2025 JLSEC-2026-113High 8.1Deno is Vulnerable to Command Injection on Windows During Batch File ExecutionOct 8, 2025 JLSEC-2026-112Low 3.3Deno's --deny-read check does not prevent permission bypassOct 8, 2025 JLSEC-2026-111Low 3.3Deno's --deny-write check does not prevent permission bypassOct 8, 2025 JLSEC-2025-8Low 3.6ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leadin…Oct 6, 2025 JLSEC-2025-7Low 3.6ssh in OpenSSH before 10.1 allows control characters in usernames that originate from cer…Oct 6, 2025 JLSEC-2026-268Medium 5.9Issue summary: An application using the OpenSSL HTTP client API functions may trigger an …Sep 30, 2025 JLSEC-2026-267Medium 6.5Issue summary: A timing side-channel which could potentially allow remote recovery of the…Sep 30, 2025 JLSEC-2026-266High 7.5No summary availableSep 30, 2025 JLSEC-2025-173libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocatio…Sep 15, 2025 JLSEC-2026-435High 7.51. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected …Sep 12, 2025 JLSEC-2026-423Medium 5.3curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame …Sep 12, 2025 JLSEC-2025-91Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 …Sep 10, 2025 JLSEC-2026-60CVSS_V4No summary availableAug 27, 2025 JLSEC-2025-323WithdrawnA flaw has been found in LibTIFF 4.7.0Aug 19, 2025 JLSEC-2025-322A weakness has been identified in LibTIFF 4.7.0Aug 14, 2025 JLSEC-2025-321A vulnerability was determined in LibTIFF up to 4.5.1Aug 11, 2025 JLSEC-2025-320A vulnerability classified as problematic was found in libtiff 4.6.0Aug 5, 2025 JLSEC-2026-88No summary availableAug 4, 2025 JLSEC-2025-319A vulnerability was found in LibTIFF up to 4.7.0Aug 1, 2025 JLSEC-2025-168A flaw was found in GLibJul 28, 2025 JLSEC-2025-318A vulnerability was found in LibTIFF up to 4.7.0Jul 26, 2025 JLSEC-2025-317A vulnerability was found in LibTIFF up to 4.7.0Jul 26, 2025 JLSEC-2025-100A flaw was found in the SFTP server message decoding logic of libsshJul 25, 2025 JLSEC-2025-99A flaw was found in libssh, a library that implements the SSH protocolJul 24, 2025 JLSEC-2025-231Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that …Jul 20, 2025 JLSEC-2025-230Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_dat…Jul 20, 2025 JLSEC-2025-9ImageMagick is free and open-source software used for editing and manipulating digital im…Jul 14, 2025 JLSEC-2025-197GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archive…Jul 11, 2025 JLSEC-2025-332A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL libraryJul 7, 2025 JLSEC-2026-351No summary availableJul 4, 2025 JLSEC-2026-350No summary availableJul 4, 2025 JLSEC-2026-349No summary availableJul 4, 2025 JLSEC-2025-229Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_…Jul 4, 2025 JLSEC-2025-228Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimiz…Jul 4, 2025 JLSEC-2025-98A flaw was found in the key export functionality of libsshJul 4, 2025 JLSEC-2025-97A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifica…Jul 4, 2025 JLSEC-2026-90CVSS_V4No summary availableJul 2, 2025 JLSEC-2026-348No summary availableJun 29, 2025 JLSEC-2026-347No summary availableJun 29, 2025 JLSEC-2026-346No summary availableJun 29, 2025 JLSEC-2026-345No summary availableJun 28, 2025 JLSEC-2026-344No summary availableJun 28, 2025 JLSEC-2026-343No summary availableJun 28, 2025 JLSEC-2026-342No summary availableJun 27, 2025 JLSEC-2025-5Lack of validation for user-provided fields in GitHub.jlJun 24, 2025 JLSEC-2025-4Argument injection in `gettreesha()` function in Registrator.jlJun 24, 2025 JLSEC-2025-2Command injection in `withpasswd()` function in Registrator.jlJun 24, 2025 JLSEC-2025-1CR/LF injection in URIs.jl (also affects HTTP.jl)Jun 24, 2025 JLSEC-2025-3Lack of validation for user-provided fields in GitForge.jlJun 24, 2025 JLSEC-2025-96A flaw was found in the libssh library in versions less than 0.11.2Jun 24, 2025 JLSEC-2026-341No summary availableJun 23, 2025 JLSEC-2025-39Possible XSS in HTMLSanitizer when using svg elementsJun 23, 2025 JLSEC-2026-340No summary availableJun 19, 2025 JLSEC-2026-339No summary availableJun 19, 2025 JLSEC-2026-454CVSS_V4A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as proble…Jun 16, 2025 JLSEC-2026-197No summary availableJun 16, 2025 JLSEC-2026-196No summary availableJun 16, 2025 JLSEC-2025-167A flaw was found in how GLib’s GString manages memory when adding data to stringsJun 13, 2025 JLSEC-2025-196A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer s…Jun 12, 2025 JLSEC-2025-249A vulnerability has been identified in the libarchive libraryJun 9, 2025 JLSEC-2025-247A vulnerability has been identified in the libarchive libraryJun 9, 2025 JLSEC-2025-248A vulnerability has been identified in the libarchive libraryJun 9, 2025 JLSEC-2025-246A vulnerability has been identified in the libarchive libraryJun 9, 2025 JLSEC-2025-245A vulnerability has been identified in the libarchive library, specifically within the ar…Jun 9, 2025 JLSEC-2026-434High 7.5Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly …Jun 7, 2025 JLSEC-2026-110CVSS_V4Deno.env.toObject() ignores the variables listed in --deny-env and returns all environmen…Jun 4, 2025 JLSEC-2026-109CVSS_V4Deno run with --allow-read and --deny-read flags results in allowedJun 4, 2025 JLSEC-2026-108CVSS_V4Deno's AES GCM authentication tags are not verifiedJun 3, 2025 JLSEC-2026-338No summary availableMay 30, 2025 JLSEC-2026-337No summary availableMay 30, 2025 JLSEC-2026-433Medium 4.8libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due …May 28, 2025 JLSEC-2026-432Medium 6.5libcurl accidentally skips the certificate verification for QUIC connections when connect…May 28, 2025 JLSEC-2026-195No summary availableMay 26, 2025 JLSEC-2026-194No summary availableMay 26, 2025 JLSEC-2026-193No summary availableMay 26, 2025 JLSEC-2026-192No summary availableMay 26, 2025 JLSEC-2026-191No summary availableMay 26, 2025 JLSEC-2026-259Medium 6.5Issue summary: Use of -addreject option with the openssl x509 application adds a trusted …May 22, 2025 JLSEC-2026-126Medium 4.5In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multipl…May 16, 2025 JLSEC-2026-125Medium 4.5In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffe…May 16, 2025 JLSEC-2025-152ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /lib…May 2, 2025 JLSEC-2026-87Medium 4.3NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 sig…Apr 18, 2025 JLSEC-2025-90In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschem…Apr 17, 2025 JLSEC-2026-190No summary availableApr 14, 2025 JLSEC-2026-73Medium 4.3In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the...Apr 10, 2025 JLSEC-2026-495Medium 4.0GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders…Apr 9, 2025 JLSEC-2025-89In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur …Apr 8, 2025 JLSEC-2026-86Medium 4.0Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the...Apr 5, 2025 JLSEC-2026-85Medium 4.0A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can ca…Apr 5, 2025 JLSEC-2026-336No summary availableMar 28, 2025 JLSEC-2026-335No summary availableMar 28, 2025 JLSEC-2026-334No summary availableMar 28, 2025 JLSEC-2026-333No summary availableMar 28, 2025 JLSEC-2026-332No summary availableMar 28, 2025 JLSEC-2026-331No summary availableMar 28, 2025 JLSEC-2026-330No summary availableMar 28, 2025 JLSEC-2026-329No summary availableMar 28, 2025 JLSEC-2025-244Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running progr…Mar 28, 2025 JLSEC-2026-359No summary availableMar 27, 2025 JLSEC-2026-358No summary availableMar 27, 2025 JLSEC-2026-357No summary availableMar 27, 2025 JLSEC-2026-356No summary availableMar 27, 2025 JLSEC-2026-355No summary availableMar 27, 2025 JLSEC-2025-187Medium 5.4Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation o…Mar 25, 2025 JLSEC-2025-227Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that ha…Mar 25, 2025 JLSEC-2025-94In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted sub…Mar 19, 2025 JLSEC-2026-328No summary availableMar 14, 2025 JLSEC-2026-327No summary availableMar 14, 2025 JLSEC-2026-326No summary availableMar 14, 2025 JLSEC-2026-460High 8.1An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to pa…Mar 11, 2025 JLSEC-2026-325No summary availableMar 10, 2025 JLSEC-2026-494Medium 4.5WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.Mar 7, 2025 JLSEC-2026-493Medium 4.3JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.Mar 7, 2025 JLSEC-2025-243Medium 4.0list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime re…Mar 2, 2025 JLSEC-2025-242A vulnerability was found in libarchive up to 3.7.7Feb 24, 2025 JLSEC-2025-151A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1Feb 23, 2025 JLSEC-2025-88libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatM…Feb 18, 2025 JLSEC-2025-87libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlS…Feb 18, 2025 JLSEC-2025-86libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillN…Feb 18, 2025 JLSEC-2026-72No summary availableFeb 18, 2025 JLSEC-2025-150A vulnerability was found in FFmpeg up to 7.1Feb 17, 2025 JLSEC-2025-250Medium 4.0libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in arch…Feb 16, 2025 JLSEC-2026-422High 7.3When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP res…Feb 5, 2025 JLSEC-2026-421High 7.0libcurl would wrongly close the same eventfd file descriptor twice when taking down a con…Feb 5, 2025 JLSEC-2026-420Low 3.4When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl …Feb 5, 2025 JLSEC-2025-85xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.Jan 26, 2025 JLSEC-2026-248Medium 4.1Issue summary: A timing side-channel which could potentially allow recovering the private…Jan 20, 2025 JLSEC-2025-149Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive …Jan 16, 2025 JLSEC-2025-327A flaw was found in rsyncJan 14, 2025 JLSEC-2025-326A path traversal vulnerability exists in rsyncJan 14, 2025 JLSEC-2025-325A flaw was found in rsyncJan 14, 2025 JLSEC-2025-324A flaw was found in rsync which could be triggered when rsync compares file checksumsJan 14, 2025 JLSEC-2025-147A flaw was found in FFmpeg's DASH playlist supportJan 6, 2025 JLSEC-2025-148A flaw was found in FFmpegJan 6, 2025 JLSEC-2025-146A flaw was found in FFmpeg's HLS demuxerJan 6, 2025 JLSEC-2025-145FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing …Jan 3, 2025 JLSEC-2025-144FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c co…Jan 3, 2025 JLSEC-2025-143A flaw was found in FFmpeg's HLS playlist parsingDec 31, 2024 JLSEC-2025-142A flaw was found in FFmpeg's TTY DemuxerDec 31, 2024 JLSEC-2026-468No summary availableDec 23, 2024 JLSEC-2026-83No summary availableDec 23, 2024 JLSEC-2026-413Low 3.4When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl…Dec 11, 2024 JLSEC-2025-141FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const…Nov 29, 2024 JLSEC-2025-140FFmpeg n6.1.1 is Integer OverflowNov 29, 2024 JLSEC-2025-139An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows …Nov 29, 2024 JLSEC-2025-137FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which all…Nov 29, 2024 JLSEC-2025-138FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.Nov 29, 2024 JLSEC-2025-135FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which a…Nov 29, 2024 JLSEC-2025-136In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential …Nov 29, 2024 JLSEC-2026-119Medium 6.5Applications that use Wget to access a remote resource using shorthand URLs and pass arbi…Nov 19, 2024 JLSEC-2026-279CVSS_V4Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and…Nov 15, 2024 JLSEC-2026-50No summary availableNov 14, 2024 JLSEC-2026-49No summary availableNov 14, 2024 JLSEC-2026-48No summary availableNov 14, 2024 JLSEC-2026-47No summary availableNov 14, 2024 JLSEC-2026-251High 7.5Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be a…Nov 13, 2024 JLSEC-2025-166gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buf…Nov 11, 2024 JLSEC-2026-419Medium 5.9When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent …Nov 6, 2024 JLSEC-2025-65An issue was discovered in libexpat before 2.6.4Oct 27, 2024 JLSEC-2026-254Medium 4.3Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit v…Oct 16, 2024 JLSEC-2025-241execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allo…Oct 10, 2024 JLSEC-2025-240execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allo…Oct 10, 2024 JLSEC-2026-303No summary availableOct 9, 2024 JLSEC-2026-188No summary availableSep 18, 2024 JLSEC-2026-418Medium 6.5When curl is told to use the Certificate Status Request TLS extension, often referred to …Sep 11, 2024 JLSEC-2025-226An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user…Sep 5, 2024 JLSEC-2026-253High 7.5Issue summary: Applications performing certificate name checks (e.g., TLS clients checkin…Sep 3, 2024 JLSEC-2025-64An issue was discovered in libexpat before 2.6.3Aug 30, 2024 JLSEC-2025-63An issue was discovered in libexpat before 2.6.3Aug 30, 2024 JLSEC-2025-62An issue was discovered in libexpat before 2.6.3Aug 30, 2024 JLSEC-2025-134A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5Aug 12, 2024 JLSEC-2025-316A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`Aug 12, 2024 JLSEC-2026-52No summary availableAug 8, 2024 JLSEC-2026-180No summary availableAug 7, 2024 JLSEC-2025-133A vulnerability was found in FFmpeg up to 7.0.1Aug 6, 2024 JLSEC-2025-38libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Gene…Jul 31, 2024 JLSEC-2025-37libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) …Jul 24, 2024 JLSEC-2025-36libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 str…Jul 24, 2024 JLSEC-2026-187No summary availableJul 19, 2024 JLSEC-2026-71No summary availableJul 1, 2024 JLSEC-2026-94No summary availableJun 28, 2024 JLSEC-2026-93No summary availableJun 28, 2024 JLSEC-2026-252Critical 9.1Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty suppo…Jun 27, 2024 JLSEC-2026-84No summary availableJun 21, 2024 JLSEC-2026-120No summary availableJun 16, 2024 JLSEC-2026-122No summary availableJun 5, 2024 JLSEC-2026-377No summary availableJun 3, 2024 JLSEC-2026-376No summary availableMay 27, 2024 JLSEC-2026-250Medium 5.3Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact …May 16, 2024 JLSEC-2026-51No summary availableMay 14, 2024 JLSEC-2025-84An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7May 14, 2024 JLSEC-2026-324No summary availableMay 14, 2024 JLSEC-2026-323No summary availableMay 14, 2024 JLSEC-2026-322No summary availableMay 14, 2024 JLSEC-2026-321No summary availableMay 14, 2024 JLSEC-2026-320No summary availableMay 14, 2024 JLSEC-2026-319No summary availableMay 14, 2024 JLSEC-2026-318No summary availableMay 14, 2024 JLSEC-2026-317No summary availableMay 14, 2024 JLSEC-2026-316No summary availableMay 14, 2024 JLSEC-2026-315No summary availableMay 14, 2024 JLSEC-2026-314No summary availableMay 14, 2024 JLSEC-2026-313No summary availableMay 14, 2024 JLSEC-2026-312No summary availableMay 14, 2024 JLSEC-2026-311No summary availableMay 14, 2024 JLSEC-2026-310No summary availableMay 14, 2024 JLSEC-2026-309No summary availableMay 14, 2024 JLSEC-2026-308No summary availableMay 14, 2024 JLSEC-2026-307No summary availableMay 14, 2024 JLSEC-2026-306No summary availableMay 14, 2024 JLSEC-2026-305No summary availableMay 14, 2024 JLSEC-2026-304No summary availableMay 14, 2024 JLSEC-2026-302No summary availableMay 14, 2024 JLSEC-2026-301No summary availableMay 14, 2024 JLSEC-2026-300No summary availableMay 14, 2024 JLSEC-2026-299No summary availableMay 14, 2024 JLSEC-2026-298No summary availableMay 14, 2024 JLSEC-2026-297No summary availableMay 14, 2024 JLSEC-2026-296No summary availableMay 14, 2024 JLSEC-2026-295No summary availableMay 14, 2024 JLSEC-2026-294No summary availableMay 14, 2024 JLSEC-2026-293No summary availableMay 14, 2024 JLSEC-2026-292No summary availableMay 14, 2024 JLSEC-2026-291No summary availableMay 14, 2024 JLSEC-2026-290No summary availableMay 14, 2024 JLSEC-2026-107High 8.4Deno permission escalation vulnerability via open of privileged files with missing `--den…May 7, 2024 JLSEC-2025-165An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1May 7, 2024 JLSEC-2026-246Medium 5.9Issue summary: Checking excessively long invalid RSA public keys may take a long time. Im…Apr 25, 2024 JLSEC-2025-132FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2…Apr 19, 2024 JLSEC-2025-131FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_…Apr 19, 2024 JLSEC-2025-130FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter,…Apr 19, 2024 JLSEC-2025-128FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative …Apr 19, 2024 JLSEC-2025-129Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to e…Apr 19, 2024 JLSEC-2026-106High 7.7No summary availableApr 18, 2024 JLSEC-2025-127FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability i…Apr 17, 2024 JLSEC-2025-126FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the…Apr 17, 2024 JLSEC-2025-125FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_…Apr 17, 2024 JLSEC-2025-239Libarchive Remote Code Execution VulnerabilityApr 9, 2024 JLSEC-2026-134No summary availableApr 8, 2024 JLSEC-2026-249Medium 5.9Issue summary: Some non-default TLS server configurations can cause unbounded memory grow…Apr 8, 2024 JLSEC-2026-4nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in CApr 4, 2024 JLSEC-2026-62No summary availableMar 29, 2024 JLSEC-2025-225An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.…Mar 29, 2024 JLSEC-2025-194wall in util-linux through 2.40, often installed with setgid tty permissions, allows esca…Mar 27, 2024 JLSEC-2026-417Medium 6.5libcurl did not check the server certificate of TLS connections done to a host specified …Mar 27, 2024 JLSEC-2026-416High 8.6When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of…Mar 27, 2024 JLSEC-2026-415Medium 6.3libcurl skips the certificate verification for a QUIC connection under certain conditions…Mar 27, 2024 JLSEC-2026-414Low 3.5When a protocol selection parameter option disables all protocols without adding any then…Mar 27, 2024 JLSEC-2026-185No summary availableMar 27, 2024 JLSEC-2026-105High 8.8Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANS…Mar 21, 2024 JLSEC-2026-104Medium 4.6Deno's improper suffix match testing for DENO_AUTH_TOKENSMar 21, 2024 JLSEC-2025-61libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use o…Mar 10, 2024 JLSEC-2026-103Medium 5.8Insufficient permission checking in `Deno.makeTemp*` APIsMar 5, 2024 JLSEC-2026-46No summary availableFeb 8, 2024 JLSEC-2025-186High 8.6libgit2 is a portable C implementation of the Git core methods provided as a linkable lib…Feb 6, 2024 JLSEC-2025-185High 7.5libgit2 is a portable C implementation of the Git core methods provided as a linkable lib…Feb 6, 2024 JLSEC-2025-59libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at c…Feb 4, 2024 JLSEC-2025-60libexpat through 2.5.0 allows a denial of service (resource consumption) because many ful…Feb 4, 2024 JLSEC-2025-83An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5Feb 4, 2024 JLSEC-2026-412Medium 5.3curl inadvertently kept the SSL session ID for connections in its cache even when the ver…Feb 3, 2024 JLSEC-2026-133No summary availableFeb 1, 2024 JLSEC-2025-224Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows…Jan 31, 2024 JLSEC-2025-223An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2Jan 31, 2024 JLSEC-2026-247Medium 5.5Null pointer dereference in PKCS12 parsingJan 26, 2024 JLSEC-2025-315An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted t…Jan 25, 2024 JLSEC-2026-179No summary availableJan 12, 2024 JLSEC-2026-245Medium 6.5Issue summary: The POLY1305 MAC (message authentication code) implementation contains a b…Jan 9, 2024 JLSEC-2026-70No summary availableDec 18, 2023 JLSEC-2026-69No summary availableDec 18, 2023 JLSEC-2025-95No summary availableDec 18, 2023 JLSEC-2026-45No summary availableDec 10, 2023 JLSEC-2026-44No summary availableDec 10, 2023 JLSEC-2026-43No summary availableDec 10, 2023 JLSEC-2026-411Medium 6.5This flaw allows a malicious HTTP server to set "super cookies" in curl that are then pas…Dec 7, 2023 JLSEC-2026-244Medium 5.3Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.…Nov 6, 2023 JLSEC-2025-314A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at to…Nov 2, 2023 JLSEC-2026-243High 7.5Issue summary: A bug has been identified in the processing of key and initialisation vect…Oct 25, 2023 JLSEC-2025-35This flaw allows an attacker to insert cookies at will into a running program using libcu…Oct 18, 2023 JLSEC-2025-34This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.Oct 18, 2023 JLSEC-2026-479No summary availableOct 14, 2023 JLSEC-2026-287No summary availableOct 12, 2023 JLSEC-2026-3The HTTP/2 protocol allows a denial of service (server resource consumption) because requ…Oct 10, 2023 JLSEC-2026-286No summary availableOct 10, 2023 JLSEC-2026-475No summary availableOct 10, 2023 JLSEC-2026-474No summary availableOct 10, 2023 JLSEC-2026-473No summary availableOct 10, 2023 JLSEC-2025-222Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.Oct 7, 2023 JLSEC-2025-82Withdrawnlibxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory al…Oct 6, 2023 JLSEC-2025-313A vulnerability was found in libtiff due to multiple potential integer overflows in raw2t…Oct 5, 2023 JLSEC-2025-312LibTIFF is vulnerable to an integer overflowOct 5, 2023 JLSEC-2025-310A memory leak flaw was found in Libtiff's tiffcrop utilityOct 4, 2023 JLSEC-2026-374No summary availableSep 30, 2023 JLSEC-2026-375No summary availableSep 28, 2023 JLSEC-2025-164A flaw was found in GLibSep 14, 2023 JLSEC-2025-163A flaw was found in GLibSep 14, 2023 JLSEC-2025-162A flaw was found in glib, where the gvariant deserialization code is vulnerable to a deni…Sep 14, 2023 JLSEC-2025-161A flaw was found in GLibSep 14, 2023 JLSEC-2025-160A flaw was found in GLibSep 14, 2023 JLSEC-2026-441No summary availableSep 12, 2023 JLSEC-2026-242High 7.8Issue summary: The POLY1305 MAC (message authentication code) implementation contains a b…Sep 8, 2023 JLSEC-2025-81Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2St…Aug 29, 2023 JLSEC-2026-178No summary availableAug 29, 2023 JLSEC-2025-176An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of ser…Aug 22, 2023 JLSEC-2025-311An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attacke…Aug 22, 2023 JLSEC-2026-202No summary availableAug 22, 2023 JLSEC-2026-21Buffer Overflow vulnerability in function `bitwriter_grow_` in flacAug 22, 2023 JLSEC-2025-189An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attacker…Aug 22, 2023 JLSEC-2026-201No summary availableAug 22, 2023 JLSEC-2026-200No summary availableAug 22, 2023 JLSEC-2026-450No summary availableAug 22, 2023 JLSEC-2026-449No summary availableAug 22, 2023 JLSEC-2026-448No summary availableAug 22, 2023 JLSEC-2026-447No summary availableAug 22, 2023 JLSEC-2026-446No summary availableAug 22, 2023 JLSEC-2026-445No summary availableAug 22, 2023 JLSEC-2025-309There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, whi…Aug 22, 2023 JLSEC-2025-124An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allow…Aug 11, 2023 JLSEC-2026-42No summary availableAug 11, 2023 JLSEC-2026-92No summary availableAug 7, 2023 JLSEC-2026-241Medium 5.3Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact s…Jul 31, 2023 JLSEC-2026-82No summary availableJul 31, 2023 JLSEC-2026-500No summary availableJul 25, 2023 JLSEC-2026-512No summary availableJul 22, 2023 JLSEC-2026-68No summary availableJul 20, 2023 JLSEC-2026-59No summary availableJul 18, 2023 JLSEC-2026-240Medium 5.3Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore …Jul 14, 2023 JLSEC-2026-2Envoy is a cloud-native high-performance edge/middle/service proxyJul 13, 2023 JLSEC-2025-308A flaw was found in libtiffJul 12, 2023 JLSEC-2026-499No summary availableJul 5, 2023 JLSEC-2025-307A null pointer dereference issue was found in Libtiff's tif_dir.c fileJun 30, 2023 JLSEC-2026-472No summary availableJun 28, 2023 JLSEC-2026-440No summary availableJun 20, 2023 JLSEC-2025-305A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (…Jun 19, 2023 JLSEC-2025-306loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free …Jun 14, 2023 JLSEC-2026-41No summary availableJun 9, 2023 JLSEC-2026-40No summary availableJun 9, 2023 JLSEC-2025-22D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemonJun 8, 2023 JLSEC-2026-19There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functionJun 6, 2023 JLSEC-2026-239Medium 6.5Issue summary: Processing some specially crafted ASN.1 object identifiers or data contain…May 30, 2023 JLSEC-2025-238Libarchive through 3.6.2 can cause directories to have world-writable permissionsMay 29, 2023 JLSEC-2026-410No summary availableMay 26, 2023 JLSEC-2026-409No summary availableMay 26, 2023 JLSEC-2026-408No summary availableMay 26, 2023 JLSEC-2026-407No summary availableMay 26, 2023 JLSEC-2025-304A vulnerability was found in the libtiff libraryMay 19, 2023 JLSEC-2025-302A vulnerability was found in the libtiff libraryMay 19, 2023 JLSEC-2025-303A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtif…May 17, 2023 JLSEC-2025-80An issue was discovered in libxml2 before 2.10.4Apr 24, 2023 JLSEC-2025-79In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL point…Apr 24, 2023 JLSEC-2026-238Medium 5.9Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform conta…Apr 20, 2023 JLSEC-2026-453No summary availableApr 14, 2023 JLSEC-2025-301A flaw was found in tiffcrop, a program distributed by the libtiff packageApr 10, 2023 JLSEC-2025-33An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses …Mar 30, 2023 JLSEC-2025-32A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separ…Mar 30, 2023 JLSEC-2025-30An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feat…Mar 30, 2023 JLSEC-2025-31An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reu…Mar 30, 2023 JLSEC-2026-406No summary availableMar 30, 2023 JLSEC-2026-405No summary availableMar 30, 2023 JLSEC-2026-203No summary availableMar 29, 2023 JLSEC-2025-123libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, lea…Mar 29, 2023 JLSEC-2026-237Medium 5.3The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certi…Mar 28, 2023 JLSEC-2026-236Medium 5.3Applications that use a non-default option when verifying certificates may be vulnerable …Mar 28, 2023 JLSEC-2026-102High 8.8Interactive `run` permission prompt spoofing via improper ANSI neutralizationMar 24, 2023 JLSEC-2026-235High 7.5A security vulnerability has been identified in all supported versions of OpenSSL related…Mar 22, 2023 JLSEC-2026-67No summary availableMar 17, 2023 JLSEC-2025-300LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attacke…Mar 3, 2023 JLSEC-2026-39No summary availableMar 3, 2023 JLSEC-2026-101No summary availableFeb 25, 2023 JLSEC-2026-404No summary availableFeb 23, 2023 JLSEC-2026-403No summary availableFeb 23, 2023 JLSEC-2026-402No summary availableFeb 23, 2023 JLSEC-2026-20No summary availableFeb 21, 2023 JLSEC-2025-181WithdrawnUncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 202…Feb 16, 2023 JLSEC-2025-298LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing a…Feb 13, 2023 JLSEC-2025-299LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing a…Feb 13, 2023 JLSEC-2025-297LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing a…Feb 13, 2023 JLSEC-2025-296LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked b…Feb 13, 2023 JLSEC-2025-295LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing a…Feb 13, 2023 JLSEC-2025-294LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing at…Feb 13, 2023 JLSEC-2025-293LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing at…Feb 13, 2023 JLSEC-2025-292LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by…Feb 13, 2023 JLSEC-2025-291LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing at…Feb 13, 2023 JLSEC-2025-290LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing at…Feb 13, 2023 JLSEC-2026-401No summary availableFeb 9, 2023 JLSEC-2026-234High 7.4Vulnerable OpenSSL included in cryptography wheelsFeb 8, 2023 JLSEC-2026-233High 7.5openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`Feb 8, 2023 JLSEC-2026-232High 7.5openssl-src contains Double free after calling `PEM_read_bio_ex`Feb 8, 2023 JLSEC-2026-231Medium 5.9openssl-src subject to Timing Oracle in RSA DecryptionFeb 8, 2023 JLSEC-2026-285No summary availableFeb 7, 2023 JLSEC-2026-284No summary availableFeb 7, 2023 JLSEC-2026-283No summary availableFeb 6, 2023 JLSEC-2025-175hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) gro…Feb 4, 2023 JLSEC-2026-66No summary availableFeb 3, 2023 JLSEC-2026-184No summary availableJan 30, 2023 JLSEC-2025-289processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffe…Jan 23, 2023 JLSEC-2025-184Medium 5.3libgit2 is a cross-platform, linkable library implementation of GitJan 20, 2023 JLSEC-2026-100High 7.5Deno is vulnerable to race condition via interactive permission prompt spoofingJan 17, 2023 JLSEC-2025-221Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in…Jan 17, 2023 JLSEC-2026-365No summary availableJan 12, 2023 JLSEC-2025-93A vulnerability was found in the Libksba library due to an integer overflow within the CR…Jan 12, 2023 JLSEC-2025-122A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() funct…Jan 12, 2023 JLSEC-2026-204No summary availableJan 4, 2023 JLSEC-2026-91No summary availableDec 25, 2022 JLSEC-2026-400No summary availableDec 23, 2022 JLSEC-2026-57No summary availableDec 20, 2022 JLSEC-2025-121An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c…Dec 16, 2022 JLSEC-2025-220An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0Dec 15, 2022 JLSEC-2025-219An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0Dec 15, 2022 JLSEC-2026-396No summary availableDec 5, 2022 JLSEC-2025-78An issue was discovered in libxml2 before 2.10.3Nov 23, 2022 JLSEC-2025-77An issue was discovered in libxml2 before 2.10.3Nov 23, 2022 JLSEC-2025-237In libarchive before 3.6.2, the software does not check for an error after calling calloc…Nov 22, 2022 JLSEC-2025-288A vulnerability was found in LibTIFFNov 13, 2022 JLSEC-2025-120A vulnerability classified as problematic has been found in ffmpegNov 13, 2022 JLSEC-2026-175No summary availableNov 3, 2022 JLSEC-2026-398No summary availableOct 29, 2022 JLSEC-2026-399No summary availableOct 29, 2022 JLSEC-2025-58In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a…Oct 24, 2022 JLSEC-2025-287LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when ca…Oct 21, 2022 JLSEC-2025-286LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when ca…Oct 21, 2022 JLSEC-2025-285LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, a…Oct 21, 2022 JLSEC-2025-284LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/ti…Oct 21, 2022 JLSEC-2025-283LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when ca…Oct 21, 2022 JLSEC-2025-282Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 all…Oct 21, 2022 JLSEC-2025-21An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.1…Oct 10, 2022 JLSEC-2025-20An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.1…Oct 10, 2022 JLSEC-2025-19An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.1…Oct 10, 2022 JLSEC-2026-97No summary availableSep 23, 2022 JLSEC-2026-397No summary availableSep 23, 2022 JLSEC-2025-57libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.Sep 14, 2022 JLSEC-2026-210No summary availableSep 9, 2022 JLSEC-2026-289No summary availableSep 9, 2022 JLSEC-2026-186No summary availableSep 6, 2022 JLSEC-2025-172A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi…Sep 6, 2022 JLSEC-2025-171A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribid…Sep 6, 2022 JLSEC-2025-170A stack-based buffer overflow flaw was found in the Fribidi packageSep 6, 2022 JLSEC-2026-37No summary availableAug 31, 2022 JLSEC-2025-281A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() functionAug 31, 2022 JLSEC-2025-280A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped()…Aug 31, 2022 JLSEC-2026-61No summary availableAug 31, 2022 JLSEC-2026-81No summary availableAug 30, 2022 JLSEC-2025-279LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, …Aug 29, 2022 JLSEC-2026-36No summary availableAug 25, 2022 JLSEC-2025-193A logic error was found in the libmount library of util-linux in the function that allows…Aug 23, 2022 JLSEC-2025-192A logic error was found in the libmount library of util-linux in the function that allows…Aug 23, 2022 JLSEC-2025-159A flaw was found in glib before version 2.63.6Aug 23, 2022 JLSEC-2025-236An improper link resolution flaw can occur while extracting an archive leading to changin…Aug 23, 2022 JLSEC-2025-235An improper link resolution flaw while extracting an archive can lead to changing the acc…Aug 23, 2022 JLSEC-2026-80No summary availableAug 22, 2022 JLSEC-2026-38No summary availableAug 18, 2022 JLSEC-2025-278libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and wr…Aug 17, 2022 JLSEC-2025-277libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of b…Aug 17, 2022 JLSEC-2025-276libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read a…Aug 17, 2022 JLSEC-2026-478No summary availableAug 5, 2022 JLSEC-2025-275A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0Jul 29, 2022 JLSEC-2025-76Possible cross-site scripting vulnerability in libxml after commit 960f0e2.Jul 28, 2022 JLSEC-2025-218An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0Jul 15, 2022 JLSEC-2026-395No summary availableJul 7, 2022 JLSEC-2026-394No summary availableJul 7, 2022 JLSEC-2026-393No summary availableJul 7, 2022 JLSEC-2026-392No summary availableJul 7, 2022 JLSEC-2026-230AES OCB fails to encrypt some bytesJul 5, 2022 JLSEC-2025-92GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key inf…Jul 1, 2022 JLSEC-2025-274Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-s…Jun 30, 2022 JLSEC-2025-273Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-s…Jun 30, 2022 JLSEC-2025-272Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-s…Jun 30, 2022 JLSEC-2026-229Critical 9.8In addition to the c_rehash shell command injection identified in CVE-2022-1292, further.…Jun 21, 2022 JLSEC-2025-180The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading …Jun 18, 2022 JLSEC-2026-99No summary availableJun 12, 2022 JLSEC-2026-391No summary availableJun 2, 2022 JLSEC-2026-390No summary availableJun 2, 2022 JLSEC-2026-389No summary availableJun 2, 2022 JLSEC-2026-388No summary availableJun 2, 2022 JLSEC-2026-387No summary availableJun 2, 2022 JLSEC-2026-386No summary availableJun 2, 2022 JLSEC-2026-385No summary availableMay 26, 2022 JLSEC-2025-271LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, al…May 11, 2022 JLSEC-2025-270LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, al…May 11, 2022 JLSEC-2026-174No summary availableMay 4, 2022 JLSEC-2026-127No summary availableMay 4, 2022 JLSEC-2026-228Critical 9.8The c_rehash script does not properly sanitise shell metacharacters to prevent command in…May 3, 2022 JLSEC-2025-75In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c…May 3, 2022 JLSEC-2025-119An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.…May 2, 2022 JLSEC-2026-459No summary availableApr 22, 2022 JLSEC-2026-458No summary availableApr 22, 2022 JLSEC-2026-457No summary availableApr 22, 2022 JLSEC-2026-452No summary availableApr 18, 2022 JLSEC-2025-268A vulnerability classified as problematic was found in LibTIFF 4.3.0Apr 3, 2022 JLSEC-2026-364No summary availableApr 1, 2022 JLSEC-2025-269Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-…Mar 28, 2022 JLSEC-2026-131No summary availableMar 25, 2022 JLSEC-2026-130No summary availableMar 25, 2022 JLSEC-2026-477No summary availableMar 25, 2022 JLSEC-2025-217A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkc…Mar 24, 2022 JLSEC-2026-227openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificatesMar 15, 2022 JLSEC-2025-267Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of…Mar 11, 2022 JLSEC-2025-266Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-s…Mar 11, 2022 JLSEC-2025-265Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag …Mar 11, 2022 JLSEC-2025-264Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows at…Mar 11, 2022 JLSEC-2025-263A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library V…Mar 10, 2022 JLSEC-2025-262Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-serv…Mar 10, 2022 JLSEC-2026-29No summary availableMar 4, 2022 JLSEC-2026-35No summary availableMar 2, 2022 JLSEC-2026-30No summary availableMar 2, 2022 JLSEC-2025-74valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.Feb 26, 2022 JLSEC-2025-191A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline su…Feb 21, 2022 JLSEC-2025-56In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.Feb 18, 2022 JLSEC-2025-55In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.Feb 18, 2022 JLSEC-2025-54In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_m…Feb 18, 2022 JLSEC-2025-53xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-sepa…Feb 16, 2022 JLSEC-2025-52xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, …Feb 16, 2022 JLSEC-2025-261Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory()…Feb 11, 2022 JLSEC-2025-260Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing…Feb 11, 2022 JLSEC-2026-226There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC alg…Jan 28, 2022 JLSEC-2025-51Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.Jan 26, 2022 JLSEC-2025-50Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for con…Jan 24, 2022 JLSEC-2025-259LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situation…Jan 10, 2022 JLSEC-2025-49storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.Jan 10, 2022 JLSEC-2025-48nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overfl…Jan 10, 2022 JLSEC-2025-47lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.Jan 10, 2022 JLSEC-2025-46defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflo…Jan 10, 2022 JLSEC-2025-45build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.Jan 10, 2022 JLSEC-2025-44addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.Jan 10, 2022 JLSEC-2025-43In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exist…Jan 6, 2022 JLSEC-2025-42In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtt…Jan 1, 2022 JLSEC-2026-132No summary availableJan 1, 2022 JLSEC-2025-216In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based de…Dec 21, 2021 JLSEC-2025-215In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_enc…Dec 21, 2021 JLSEC-2025-214Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstra…Dec 20, 2021 JLSEC-2025-6An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions …Dec 8, 2021 JLSEC-2026-32No summary availableOct 11, 2021 JLSEC-2026-33No summary availableOct 8, 2021 JLSEC-2026-65No summary availableSep 26, 2021 JLSEC-2025-29When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumsta…Sep 23, 2021 JLSEC-2026-451No summary availableSep 20, 2021 JLSEC-2026-483No summary availableSep 9, 2021 JLSEC-2026-482No summary availableSep 9, 2021 JLSEC-2026-361No summary availableSep 8, 2021 JLSEC-2026-481No summary availableSep 7, 2021 JLSEC-2026-124No summary availableSep 6, 2021 JLSEC-2026-129No summary availableAug 25, 2021 JLSEC-2026-199No summary availableAug 25, 2021 JLSEC-2025-195An integer overflow was addressed with improved input validationAug 24, 2021 JLSEC-2026-225High 7.4Read buffer overruns processing ASN.1 stringsAug 24, 2021 JLSEC-2026-224SM2 Decryption Buffer OverflowAug 24, 2021 JLSEC-2025-213An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.1…Aug 23, 2021 JLSEC-2025-212An issue was discovered in Mbed TLS before 2.24.0Aug 23, 2021 JLSEC-2025-211An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.1…Aug 23, 2021 JLSEC-2025-210An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.1…Aug 23, 2021 JLSEC-2025-118adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_…Aug 21, 2021 JLSEC-2025-117FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an as…Aug 12, 2021 JLSEC-2025-116Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigne…Aug 5, 2021 JLSEC-2025-28libcurl keeps previously used connections in a connection pool for subsequenttransfers to…Aug 5, 2021 JLSEC-2026-360No summary availableAug 4, 2021 JLSEC-2025-115libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc funct…Aug 4, 2021 JLSEC-2025-190WithdrawnAn integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow …Jul 30, 2021 JLSEC-2025-234libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncomp…Jul 20, 2021 JLSEC-2026-282No summary availableJul 20, 2021 JLSEC-2025-209An issue was discovered in Arm Mbed TLS before 2.24.0Jul 19, 2021 JLSEC-2025-208An issue was discovered in Arm Mbed TLS before 2.24.0Jul 19, 2021 JLSEC-2025-207An issue was discovered in Arm Mbed TLS before 2.24.0Jul 19, 2021 JLSEC-2025-206An issue was discovered in Arm Mbed TLS before 2.23.0Jul 19, 2021 JLSEC-2025-205An issue was discovered in Arm Mbed TLS before 2.23.0Jul 19, 2021 JLSEC-2025-204An issue was discovered in Arm Mbed TLS before 2.23.0Jul 19, 2021 JLSEC-2025-203In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file deco…Jul 14, 2021 JLSEC-2025-73A flaw was found in libxml2Jul 9, 2021 JLSEC-2026-128No summary availableJul 6, 2021 JLSEC-2026-123No summary availableJun 8, 2021 JLSEC-2025-114dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access bec…Jun 3, 2021 JLSEC-2025-179Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" componentJun 1, 2021 JLSEC-2026-31No summary availableJun 1, 2021 JLSEC-2026-98Critical 9.8Deno's static imports inside dynamically imported modules do not adhere to permission che…May 28, 2021 JLSEC-2026-517No summary availableMay 28, 2021 JLSEC-2026-516No summary availableMay 28, 2021 JLSEC-2026-162No summary availableMay 28, 2021 JLSEC-2026-471No summary availableMay 27, 2021 JLSEC-2025-113Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcode…May 24, 2021 JLSEC-2025-72There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.…May 19, 2021 JLSEC-2026-476No summary availableMay 18, 2021 JLSEC-2025-71There's a flaw in libxml2 in versions before 2.9.11May 18, 2021 JLSEC-2026-161No summary availableMay 18, 2021 JLSEC-2025-70A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagat…May 14, 2021 JLSEC-2026-118No summary availableApr 29, 2021 JLSEC-2025-112FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted fil…Apr 7, 2021 JLSEC-2025-27curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS …Apr 1, 2021 JLSEC-2025-26curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Info…Apr 1, 2021 JLSEC-2026-34No summary availableApr 1, 2021 JLSEC-2026-515No summary availableApr 1, 2021 JLSEC-2026-514No summary availableApr 1, 2021 JLSEC-2026-183No summary availableMar 26, 2021 JLSEC-2026-223openssl-src NULL pointer Dereference in signature_algorithms processingMar 25, 2021 JLSEC-2026-154No summary availableMar 23, 2021 JLSEC-2025-17A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4Mar 18, 2021 JLSEC-2026-209No summary availableMar 12, 2021 JLSEC-2026-208No summary availableMar 12, 2021 JLSEC-2026-207No summary availableMar 12, 2021 JLSEC-2026-206No summary availableMar 12, 2021 JLSEC-2025-158An issue was discovered in GNOME GLib before 2.66.8Mar 11, 2021 JLSEC-2026-205No summary availableMar 11, 2021 JLSEC-2025-258A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in …Mar 9, 2021 JLSEC-2025-257An integer overflow flaw was found in libtiff that exists in the tif_getimage.c fileMar 9, 2021 JLSEC-2025-256In LibTIFF, there is a memory malloc failure in tif_pixarlog.cMar 9, 2021 JLSEC-2025-255A flaw was found in libtiffMar 9, 2021 JLSEC-2026-64No summary availableMar 5, 2021 JLSEC-2026-121Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the…Mar 4, 2021 JLSEC-2026-222Integer Overflow in openssl-srcFeb 16, 2021 JLSEC-2026-221High 7.5Integer Overflow in openssl-srcFeb 16, 2021 JLSEC-2025-157An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3Feb 15, 2021 JLSEC-2025-156An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4Feb 15, 2021 JLSEC-2026-173No summary availableFeb 14, 2021 JLSEC-2026-172No summary availableJan 26, 2021 JLSEC-2026-171No summary availableJan 26, 2021 JLSEC-2026-170No summary availableJan 26, 2021 JLSEC-2026-169No summary availableJan 26, 2021 JLSEC-2026-168No summary availableJan 26, 2021 JLSEC-2026-167No summary availableJan 26, 2021 JLSEC-2026-166No summary availableJan 26, 2021 JLSEC-2026-165No summary availableJan 26, 2021 JLSEC-2026-164No summary availableJan 26, 2021 JLSEC-2026-163No summary availableJan 26, 2021 JLSEC-2026-363No summary availableJan 19, 2021 JLSEC-2026-362No summary availableJan 19, 2021 JLSEC-2025-111decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of er…Jan 4, 2021 JLSEC-2025-110track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because …Jan 3, 2021 JLSEC-2025-155GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds wri…Dec 14, 2020 JLSEC-2025-25curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation …Dec 14, 2020 JLSEC-2025-24curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stac…Dec 14, 2020 JLSEC-2025-23Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connect…Dec 14, 2020 JLSEC-2026-220The X.509 GeneralName type is a generic type for representing different types of names. O…Dec 8, 2020 JLSEC-2026-160No summary availableDec 8, 2020 JLSEC-2026-28No summary availableNov 23, 2020 JLSEC-2026-278No summary availableNov 19, 2020 JLSEC-2026-27No summary availableNov 16, 2020 JLSEC-2026-26No summary availableNov 16, 2020 JLSEC-2026-456No summary availableNov 3, 2020 JLSEC-2026-155No summary availableOct 16, 2020 JLSEC-2026-470High 7.8An integer overflow vulnerability leading to a double-free was found in libX11. This flaw…Sep 11, 2020 JLSEC-2026-513High 7.5No summary availableSep 11, 2020 JLSEC-2025-69GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEnt…Sep 4, 2020 JLSEC-2025-202A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted…Sep 2, 2020 JLSEC-2026-25No summary availableAug 24, 2020 JLSEC-2026-24No summary availableAug 24, 2020 JLSEC-2026-469Medium 6.7An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XI…Aug 5, 2020 JLSEC-2026-63No summary availableJun 29, 2020 JLSEC-2025-109FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobu…Jun 16, 2020 JLSEC-2026-177No summary availableJun 15, 2020 JLSEC-2026-117No summary availableJun 15, 2020 JLSEC-2026-176No summary availableJun 15, 2020 JLSEC-2025-18An issue was discovered in dbus >= 1.3.0 before 1.12.18Jun 8, 2020 JLSEC-2026-1In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes d…Jun 3, 2020 JLSEC-2026-211No summary availableMay 20, 2020 JLSEC-2025-108cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based…Apr 28, 2020 JLSEC-2025-183An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0Apr 27, 2020 JLSEC-2025-182An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0Apr 27, 2020 JLSEC-2026-219Null pointer deference in openssl-srcApr 21, 2020 JLSEC-2025-201An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15Apr 15, 2020 JLSEC-2026-18No summary availableMar 25, 2020 JLSEC-2025-200Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA priva…Mar 24, 2020 JLSEC-2026-58No summary availableMar 12, 2020 JLSEC-2026-511No summary availableFeb 2, 2020 JLSEC-2025-199The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through…Jan 23, 2020 JLSEC-2025-68xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certai…Jan 21, 2020 JLSEC-2025-67xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memor…Jan 21, 2020 JLSEC-2025-66xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak…Dec 24, 2019 JLSEC-2026-216There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiati…Dec 6, 2019 JLSEC-2025-169A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bi…Nov 13, 2019 JLSEC-2026-507No summary availableNov 6, 2019 JLSEC-2026-506No summary availableNov 6, 2019 JLSEC-2026-505No summary availableNov 6, 2019 JLSEC-2025-188In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an i…Oct 21, 2019 JLSEC-2026-444No summary availableOct 14, 2019 JLSEC-2026-443No summary availableOct 14, 2019 JLSEC-2025-254tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other product…Oct 14, 2019 JLSEC-2025-107FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-…Oct 14, 2019 JLSEC-2025-106In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereferen…Oct 14, 2019 JLSEC-2025-198Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is …Sep 26, 2019 JLSEC-2026-218In situations where an attacker receives automated notification of the success or failure…Sep 10, 2019 JLSEC-2026-215OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to …Sep 10, 2019 JLSEC-2026-214Normally in OpenSSL EC groups always have a co-factor present and this is used in side ch…Sep 10, 2019 JLSEC-2025-105FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue …Sep 5, 2019 JLSEC-2025-41In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD …Sep 4, 2019 JLSEC-2026-13No summary availableAug 16, 2019 JLSEC-2025-253_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle I…Aug 14, 2019 JLSEC-2026-217OpenSSL has internal defaults for a directory tree where it can find a configuration file…Jul 30, 2019 JLSEC-2026-17No summary availableJul 26, 2019 JLSEC-2026-455Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based…Jul 19, 2019 JLSEC-2026-16No summary availableJul 17, 2019 JLSEC-2025-154The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directorie…Jun 28, 2019 JLSEC-2025-11BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when the…Jun 19, 2019 JLSEC-2025-153file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly r…May 29, 2019 JLSEC-2026-504No summary availableApr 23, 2019 JLSEC-2025-104The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4…Apr 19, 2019 JLSEC-2025-103A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog…Mar 12, 2019 JLSEC-2025-102In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to ho…Mar 12, 2019 JLSEC-2025-252An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in…Feb 9, 2019 JLSEC-2025-101FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability i…Feb 4, 2019 JLSEC-2025-16An issue was discovered in cairo 1.16.0Jan 16, 2019 JLSEC-2025-15An issue was discovered in cairo 1.16.0Jan 16, 2019 JLSEC-2026-510No summary availableJan 14, 2019 JLSEC-2026-509No summary availableJan 14, 2019 JLSEC-2026-508No summary availableJan 14, 2019 JLSEC-2025-251The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrate…Jan 11, 2019 JLSEC-2025-178The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant …Dec 21, 2018 JLSEC-2026-198No summary availableDec 20, 2018 JLSEC-2026-503No summary availableDec 17, 2018 JLSEC-2025-14cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using …Dec 5, 2018 JLSEC-2026-502No summary availableDec 3, 2018 JLSEC-2026-501No summary availableDec 3, 2018 JLSEC-2025-177libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in w…Nov 29, 2018 JLSEC-2026-442No summary availableNov 12, 2018 JLSEC-2025-174An issue was discovered in GNU gettext 0.19.8Oct 29, 2018 JLSEC-2025-13cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a craf…Oct 8, 2018 JLSEC-2026-490No summary availableSep 4, 2018 JLSEC-2026-12No summary availableApr 6, 2018 JLSEC-2026-15No summary availableFeb 13, 2018 JLSEC-2026-14No summary availableFeb 13, 2018 JLSEC-2026-22No summary availableJul 30, 2017 JLSEC-2025-12cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a de…Jul 17, 2017 JLSEC-2026-23No summary availableApr 3, 2017 JLSEC-2025-10Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to ca…Jun 30, 2016