GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
849 advisories
Filter by severity
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Moderate
GHSA-m52v-24p8-654f
was published
for
surrealdb
(Rust)
Nov 22, 2024
SurrealDB has an Uncaught Exception Handling Nonexistent Role
Moderate
GHSA-jc55-246c-r88f
was published
for
surrealdb
(Rust)
Nov 22, 2024
SurrealDB has an Uncaught Exception in Function Generating Random Time
Moderate
GHSA-h4f5-h82v-5w4r
was published
for
surrealdb
(Rust)
Nov 22, 2024
Memory access due to code generation flaw in Cranelift module
High
CVE-2021-32629
was published
for
cranelift-codegen
(pip)
Aug 25, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s
Moderate
CVE-2021-39219
was published
for
wasmtime
(pip)
Sep 20, 2021
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Moderate
CVE-2021-39218
was published
for
wasmtime
(pip)
Sep 20, 2021
Use after free passing `externref`s to Wasm in Wasmtime
Moderate
CVE-2021-39216
was published
for
wasmtime
(pip)
Sep 20, 2021
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Moderate
GHSA-jp37-5qhw-mffw
was published
for
sharks
(Rust)
Nov 18, 2024
gix-path can use a fake program files location
High
CVE-2024-40644
was published
for
gix-path
(Rust)
Jul 18, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Moderate
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
panic on parsing crafted phonenumber inputs
Critical
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
zlib-rs stack overflow during decompression with malicious input
Moderate
GHSA-j3px-q95c-9683
was published
for
libz-rs-sys
(Rust)
Nov 14, 2024
s2n-tls has undefined behavior at process exit
Low
GHSA-rp9h-rf7g-hwgr
was published
for
s2n-tls
(Rust)
Nov 14, 2024
Mimalloc Can Allocate Memory with Bad Alignment
Moderate
GHSA-g23h-7vf9-xc25
was published
for
mimalloc
(Rust)
Nov 12, 2024
paillier-zk has ambiguous challenge derivation
Low
GHSA-fpr5-jp2j-4q2f
was published
for
paillier-zk
(Rust)
Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation
Low
GHSA-rm66-9gh4-4gp8
was published
for
cggmp21
(Rust)
Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Moderate
GHSA-pqpw-89w5-82v5
was published
for
simd-json-derive
(Rust)
Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation
Low
GHSA-7jjx-3qw9-j6h6
was published
for
cggmp21-keygen
(Rust)
Nov 12, 2024
`fast-float` has multiple soundness issues
Low
GHSA-x8jh-xj3x-gx3c
was published
for
fast-float
(Rust)
Nov 12, 2024
sp1 has insufficient observation of cumulative sum
Low
GHSA-8m24-3cfx-9fjw
was published
for
sp1-recursion-circuit
(Rust)
Nov 8, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
ProTip!
Advisories are also available from the
GraphQL API