GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
339 advisories
Unaligned memory allocation in chunky
High | CVE-2020-36433 was published for chunky (Rust) | Aug 25, 2021

Data race in ruspiro-singleton
High | CVE-2020-36435 was published for ruspiro-singleton (Rust) | Aug 25, 2021

HTTP Request Smuggling in actix-http
High | CVE-2021-38512 was published for actix-http (Rust) | Aug 25, 2021

Links in archive can create arbitrary directories
High | CVE-2021-38511 was published for tar (Rust) | Aug 25, 2021

Uninitialized memory use in generator
High | CVE-2019-16144 was published for generator (Rust) | Aug 25, 2021

Format string vulnerabilities in pancurses
High | CVE-2019-15546 was published for pancurses (Rust) | Aug 25, 2021

Mishandling of format strings in ncurses
High | CVE-2019-15547 was published for ncurses (Rust) | Aug 25, 2021

SyncChannel<T> can move 'T: !Send' to other threads
High | GHSA-8892-84wf-cg8f was published for signal-simple (Rust) | Aug 25, 2021

Slock<T> allows sending non-Send types across thread boundaries
High | GHSA-83r8-p8v6-6gfm was published for slock (Rust) | Aug 25, 2021

Data races in tiny_future
High | GHSA-m296-j53x-xv95 was published for tiny_future (Rust) | Aug 25, 2021

Data races in ticketed_lock
High | GHSA-gq4h-f254-7cw9 was published for ticketed_lock (Rust) | Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API.