GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Moderate
CVE-2022-27817
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-36202
was published
for
async-h1
(Rust)
May 24, 2022
Wasmtime vulnerable to Use After Free with `externref`s
Moderate
CVE-2022-31146
was published
for
cranelift-codegen
(Rust)
Jul 20, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Moderate
CVE-2022-31169
was published
for
cranelift-codegen
(Rust)
Jul 21, 2022
Weight not properly refunded after EVM execution
Moderate
CVE-2022-39242
was published
for
frontier
(Rust)
Sep 23, 2022
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Moderate
CVE-2022-46149
was published
for
capnp
(Rust)
Dec 5, 2022
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
Incorrect parsing of EVM reversion exit reason in RPC
Moderate
CVE-2022-36008
was published
for
frontier
(Rust)
Aug 18, 2022
Tendermint light client verification not taking into account chain ID
Moderate
CVE-2022-23507
was published
for
tendermint-light-client
(Rust)
Dec 14, 2022
Tauri Filesystem Scope Glob Pattern is too Permissive
Moderate
CVE-2022-46171
was published
for
tauri
(Rust)
Dec 22, 2022
Data races in noise_search
Moderate
CVE-2020-36461
was published
for
noise_search
(Rust)
Aug 25, 2021
Data race in atomic-option
Moderate
CVE-2020-36219
was published
for
atomic-option
(Rust)
Aug 25, 2021
Source code is downloaded over cleartext HTTP in portaudio
Moderate
CVE-2016-10933
was published
for
portaudio
(Rust)
Aug 25, 2021
Validity check missing in Frontier
Moderate
CVE-2021-41138
was published
for
Frontier
(Rust)
Oct 13, 2021
kamadak-exif vulnerable to Infinite loop when parsing PNG files
Moderate
CVE-2021-21235
was published
for
kamadak-exif
(Rust)
Oct 6, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Moderate
CVE-2022-39354
was published
for
evm
(Rust)
Oct 25, 2022
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Moderate
CVE-2023-22466
was published
for
tokio
(Rust)
Jan 6, 2023
Integer underflow in Frontier
Moderate
CVE-2022-21685
was published
for
frontier
(Rust)
Jan 14, 2022
Observable Discrepancy in libsecp256k1-rs
Moderate
CVE-2019-20399
was published
for
libsecp256k1-rs
(Rust)
Aug 25, 2021
Cross-site Scripting in ammonia
Moderate
CVE-2021-38193
was published
for
ammonia
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API