Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
rustls-webpki: CPU denial of service in certificate path building High
GHSA-fh2r-99q2-6mmg was published for rustls-webpki (Rust) Aug 22, 2023
Marcono1234
webpki: CPU denial of service in certificate path building High
GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust) Aug 25, 2023
nipunn1313 phil-opp
Use of Uninitialized Resource in smallvec High
CVE-2018-25023 was published for smallvec (Rust) Jan 6, 2022
tdunlap607
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
Denial of Service issue in quinn-proto High
CVE-2023-42805 was published for quinn-proto (Rust) Sep 21, 2023
QUICTester
BER/CER/DER decoder panics on invalid input High
CVE-2023-39914 was published for bcder (Rust) Sep 13, 2023
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
garypen BrynCooke
BryanBarron jasonbarnett667 shorgi
zola Path Traversal vulnerability High
CVE-2023-40274 was published for zola (Rust) Aug 14, 2023
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
lol-html panics on certain HTML inputs High
CVE-2023-4241 was published for lol-html (Rust) Aug 9, 2023
Invalid handling of `X509_verify_cert()` internal errors in libssl High
CVE-2021-4044 was published for openssl-src (Rust) Dec 15, 2021
pinkforest
Double free in glsl-layout High
CVE-2021-25902 was published for glsl-layout (Rust) Aug 25, 2021
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 gferon
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
Incorrect implementation in streebog High
CVE-2019-25007 was published for streebog (Rust) Aug 25, 2021
urlnorm vulnerable to Regular Expression Denial of Service High
CVE-2023-33289 was published for urlnorm (Rust) Jun 21, 2023
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
Cargo not respecting umask when extracting crate archives High
CVE-2023-38497 was published for cargo (Rust) Aug 3, 2023
addisoncrump pietroalbini
weihanglo ehuss cuviper Manishearth
blurhash panics on parsing crafted inputs High
CVE-2023-42447 was published for blurhash (Rust) Sep 21, 2023
rubdos
Insufficient covariance check makes self_cell unsound High
GHSA-48m6-wm5p-rr6h was published for self_cell (Rust) Nov 14, 2023
Stack consumption in trust-dns-server High
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
tdunlap607
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
Full Table Permissions by Default High
GHSA-x5fr-7hhj-34j3 was published for surrealdb (Rust) Dec 15, 2023
LucyEgan
ProTip! Advisories are also available from the GraphQL API