Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

780 advisories

Double free in insert_many High
CVE-2021-29933 was published for insert_many (Rust) Aug 25, 2021
MvccRwLock allows data races & aliasing violations Moderate
GHSA-mgg8-9pvp-6qcw was published for noise_search (Rust) Aug 25, 2021 withdrawn
Assumed memory layout of std::net::SocketAddr Moderate
GHSA-p5w9-856p-8q4g was published for socket2 (Rust) Aug 25, 2021 withdrawn
Unaligned memory access in rand_core Critical
CVE-2020-25576 was published for rand_core (Rust) Aug 25, 2021
rillian
Data races in generator Moderate
GHSA-h6gg-fvf5-qgwf was published for generator (Rust) Aug 25, 2021 withdrawn
Data race in internment Critical
CVE-2021-28037 was published for internment (Rust) Aug 25, 2021
Double free in fil-ocl High
CVE-2021-25908 was published for fil-ocl (Rust) Aug 25, 2021
Memory safety violation in crayon High
CVE-2020-35889 was published for crayon (Rust) Aug 25, 2021
Double free in through Critical
CVE-2021-29940 was published for through (Rust) Aug 25, 2021
Unsoundness in bigint Critical
CVE-2020-35880 was published for bigint (Rust) Aug 25, 2021
NULL Pointer Dereference in cbox Critical
CVE-2020-35860 was published for cbox (Rust) Aug 25, 2021
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
VecStorage Deserialize Allows Violation of Length Invariant Moderate
GHSA-h3mf-4fwp-59c7 was published for nalgebra (Rust) Aug 5, 2021 withdrawn
Queue<T> should have a Send bound on its Send/Sync traits Moderate
GHSA-v42f-j8fx-99f3 was published for scottqueue (Rust) Aug 25, 2021 withdrawn
Free of uninitialized memory in adtensor Critical
CVE-2021-29936 was published for adtensor (Rust) Aug 25, 2021
Data races in aovec High
CVE-2020-36207 was published for aovec (Rust) Aug 25, 2021
Data race in may_queue Moderate
CVE-2020-36217 was published for may_queue (Rust) Aug 25, 2021
Data races in thex Moderate
CVE-2020-35927 was published for thex (Rust) Aug 25, 2021
Out of bounds write in traitobject Critical
CVE-2020-35881 was published for traitobject (Rust) Aug 25, 2021
DoS Vulnerability from Upstream Actix Web Issues High
GHSA-gjrj-9rj4-pgwx was published for perseus-actix-web (Rust) Dec 15, 2021
phaleth
Partial read is incorrect in molecule Moderate
GHSA-82hm-vh7g-hrh9 was published for molecule (Rust) Aug 25, 2021
Use after free in libpulse-binding High
GHSA-ghpq-vjxw-ch5w was published for libpulse-binding (Rust) Aug 25, 2021
smallvec creates uninitialized value of any type Moderate
GHSA-66p5-j55p-32r9 was published for smallvec (Rust) Aug 25, 2021
Uncaught Exception in libpulse-binding Moderate
GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021
fake-static allows converting any reference into a `'static` reference High
GHSA-8xw8-mmqv-frqq was published for fake-static (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API