GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
793 advisories
Array size is not checked in sized-chunks
High. CVE-2020-25791 was published for sized-chunks (Rust), Aug 25, 2021

Use after free in actix-service
Moderate. CVE-2020-35899 was published for actix-service (Rust), Aug 25, 2021

Double free in basic_dsp_matrix
High. CVE-2021-25906 was published for basic_dsp_matrix (Rust), Aug 25, 2021

Uninitialized memory access in outer_cgi
Critical. CVE-2021-30454 was published for outer_cgi (Rust), Aug 25, 2021

Compiler optimisation leads to SEGFAULT
Moderate. GHSA-r6ff-2q3c-v3pv was published for pnet (Rust), Aug 25, 2021

Miner fails to get block template when a cell used as a cell dep has been destroyed.
High. GHSA-v666-6w97-pcwm was published for ckb (Rust), Aug 25, 2021

Use of Uninitialized Resource in truetype
High. CVE-2021-28030 was published for truetype (Rust), Aug 25, 2021

Process crashes when the cell used as DepGroup is not alive
Critical. GHSA-45p7-c959-rgcm was published for ckb (Rust), Aug 25, 2021

Improper synchronization in buttplug
Moderate. CVE-2020-36218 was published for buttplug (Rust), Aug 25, 2021

Free of uninitialized memory in autorand
High. CVE-2020-36210 was published for autorand (Rust), Aug 25, 2021

smallvec creates uninitialized value of any type
Moderate. GHSA-66p5-j55p-32r9 was published for smallvec (Rust), Aug 25, 2021

Uncaught Exception in libpulse-binding
Moderate. GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust), Aug 25, 2021

fake-static allows converting any reference into a `'static` reference
High. GHSA-8xw8-mmqv-frqq was published for fake-static (Rust), Aug 25, 2021

Use after free in libpulse-binding
High. GHSA-ghpq-vjxw-ch5w was published for libpulse-binding (Rust), Aug 25, 2021

Partial read is incorrect in molecule
Moderate. GHSA-82hm-vh7g-hrh9 was published for molecule (Rust), Aug 25, 2021

DoS Vulnerability from Upstream Actix Web Issues
High. GHSA-gjrj-9rj4-pgwx was published for perseus-actix-web (Rust), Dec 15, 2021

ProTip! Advisories are also available from the GraphQL API