GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
793 advisories
Filter by severity
git2-rs fails to verify SSH keys by default
Moderate
GHSA-m4ch-rfv5-x5g3
was published
for
git2
(Rust)
Jan 20, 2023
ELF header parsing library doesn't check for valid offset
Moderate
GHSA-g6pw-999w-j75m
was published
for
elf_rs
(Rust)
Jan 20, 2023
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Moderate
GHSA-f85w-wvc7-crwc
was published
for
bumpalo
(Rust)
Jan 20, 2023
Candy Machine Set Collection During Mint Missing Check
Moderate
GHSA-9v25-r5q2-2p6w
was published
for
mpl-candy-machine
(Rust)
Dec 12, 2022
Creator Verification Error when Bubblegum Activate
High
GHSA-8r76-fr72-j32w
was published
for
mpl-bubblegum
(Rust)
Dec 12, 2022
ansi_term is Unmaintained
Low
GHSA-74w3-p89x-ffgh
was published
for
ansi_term
(Rust)
Sep 16, 2022
•
withdrawn
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation
Moderate
GHSA-3fg9-hcq5-vxrc
was published
for
iana-time-zone
(Rust)
Aug 30, 2022
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Moderate
GHSA-jwh2-vrr9-vcp2
was published
for
mz-avro
(Rust)
Aug 30, 2022
Potential segfault in `localtime_r` invocations
Moderate
GHSA-cqpr-pcm7-m3jc
was published
for
chrono
(Rust)
Jun 16, 2022
•
withdrawn
Use After Free in Context::start_auth_session
Moderate
GHSA-w3vw-ccc5-qr8v
was published
for
tss-esapi
(Rust)
Jun 17, 2022
Miscomputation when performing AES encryption in rust-crypto
Critical
GHSA-jp3w-3q88-34cf
was published
for
rust-crypto
(Rust)
Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Moderate
GHSA-cgw6-f3mj-h742
was published
for
rust-embed
(Rust)
Jun 17, 2022
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
High
GHSA-p56p-gq3f-whg8
was published
for
flumedb
(Rust)
Jun 16, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
vec-const attempts to construct a Vec from a pointer to a const slice
Moderate
GHSA-jmwx-r3gq-qq3p
was published
for
vec-const
(Rust)
Jun 17, 2022
`SegQueue` creates zero value of any type
Moderate
GHSA-8gj8-hv75-gp94
was published
for
crossbeam
(Rust)
Jun 16, 2022
Channel creates zero value of any type
High
GHSA-9g55-pg62-m8hh
was published
for
crossbeam-channel
(Rust)
Jun 16, 2022
`SegQueue` creates zero value of any type
Moderate
GHSA-6888-wf7j-34jq
was published
for
crossbeam-queue
(Rust)
Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
High
GHSA-qj69-c89v-jwq2
was published
for
ash
(Rust)
Jun 16, 2022
Parser creates invalid uninitialized value
High
GHSA-f67m-9j94-qv9j
was published
for
hyper
(Rust)
Jun 16, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate
GHSA-2226-4v3c-cff8
was published
for
rustc-serialize
(Rust)
Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
AtomicBucket<T> unconditionally implements Send/Sync
Moderate
GHSA-3hxh-7jxm-59x4
was published
for
metrics-util
(Rust)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API