Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

326 advisories

Loading
Out of bounds read in bumpalo High
CVE-2020-35861 was published for bumpalo (Rust) Aug 25, 2021
Use-after-free in actix-http High
CVE-2020-35901 was published for actix-http (Rust) Aug 25, 2021
Memory exhaustion in asn1_der High
CVE-2019-15549 was published for asn1_der (Rust) Aug 25, 2021
Missing release of memory in sized-chunks High
CVE-2020-25794 was published for sized-chunks (Rust) Aug 25, 2021
Array size is not checked in sized-chunks High
CVE-2020-25791 was published for sized-chunks (Rust) Aug 25, 2021
Counter overflow in chacha20 High
CVE-2019-25005 was published for chacha20 (Rust) Aug 25, 2021
Double free in basic_dsp_matrix High
CVE-2021-25906 was published for basic_dsp_matrix (Rust) Aug 25, 2021
Use of Uninitialized Resource in truetype High
CVE-2021-28030 was published for truetype (Rust) Aug 25, 2021
Remote memory exhaustion in ckb High
GHSA-48vq-8jqv-gm6f was published for ckb (Rust) Aug 25, 2021
Miner fails to get block template when a cell used as a cell dep has been destroyed. High
GHSA-v666-6w97-pcwm was published for ckb (Rust) Aug 25, 2021
Null pointer deference in av-data High
CVE-2021-25904 was published for av-data (Rust) Aug 25, 2021
Free of uninitialized memory in autorand High
CVE-2020-36210 was published for autorand (Rust) Aug 25, 2021
fake-static allows converting any reference into a `'static` reference High
GHSA-8xw8-mmqv-frqq was published for fake-static (Rust) Aug 25, 2021
Use after free in libpulse-binding High
GHSA-ghpq-vjxw-ch5w was published for libpulse-binding (Rust) Aug 25, 2021
DoS Vulnerability from Upstream Actix Web Issues High
GHSA-gjrj-9rj4-pgwx was published for perseus-actix-web (Rust) Dec 15, 2021
phaleth
Data races in aovec High
CVE-2020-36207 was published for aovec (Rust) Aug 25, 2021
Memory safety violation in crayon High
CVE-2020-35889 was published for crayon (Rust) Aug 25, 2021
Double free in fil-ocl High
CVE-2021-25908 was published for fil-ocl (Rust) Aug 25, 2021
Double free in insert_many High
CVE-2021-29933 was published for insert_many (Rust) Aug 25, 2021
Null pointer deference in cache High
CVE-2021-25903 was published for cache (Rust) Aug 25, 2021
Double free in endian_trait High
CVE-2021-29929 was published for endian_trait (Rust) Aug 25, 2021
Double free in algorithmica High
CVE-2021-31996 was published for algorithmica (Rust) Aug 25, 2021
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
ProTip! Advisories are also available from the GraphQL API