GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Low
GHSA-j57r-4qw6-58r3
was published
for
rusty-paseto
(Rust)
Nov 7, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
Multiple soundness issues in lexical
Low
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
Unsoundness in `intern` methods on `intaglio` symbol interners
Low
GHSA-gch5-hwqf-mxhp
was published
for
intaglio
(Rust)
Jul 27, 2023
Potential denial of service after connection migration
Low
GHSA-rfhg-rjfp-9q8q
was published
for
s2n-quic
(Rust)
Jul 24, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service
Low
CVE-2023-33290
was published
for
git-url-parse
(Rust)
Jun 12, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic
Low
GHSA-29mf-62xx-28jq
was published
for
buffered-reader
(Rust)
Jun 6, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low
GHSA-25mx-8f3v-8wh7
was published
for
sequoia-openpgp
(Rust)
Jun 6, 2023
Undefined Behavior in Rust runtime functions
Low
CVE-2023-30624
was published
for
wasmtime
(Rust)
Apr 27, 2023
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Low
CVE-2023-27477
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Low
GHSA-p2gm-ffr3-w2xw
was published
for
ckb
(Rust)
Feb 8, 2023
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Low
GHSA-fjj4-2q73-jvgc
was published
for
ckb
(Rust)
Feb 8, 2023
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Low
GHSA-4q83-7cq4-p6wg
was published
for
tokio
(Rust)
Feb 4, 2023
linux-loader reading beyond EOF could lead to infinite loop
Low
CVE-2022-23523
was published
for
linux-loader
(Rust)
Dec 12, 2022
ProTip!
Advisories are also available from the
GraphQL API