Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

326 advisories

Loading
rustls-webpki: CPU denial of service in certificate path building High
GHSA-fh2r-99q2-6mmg was published for rustls-webpki (Rust) Aug 22, 2023
Marcono1234
libsecp256k1 contains side-channel timing attack High
CVE-2019-25003 was published for libsecp256k1 (Rust) Aug 25, 2021
WASM3 Improper Input Validation vulnerability High
CVE-2022-39974 was published for pywasm3 (pip) Sep 21, 2022
Resource leakage when decoding certificates and keys High
CVE-2022-1473 was published for openssl-src (Rust) May 4, 2022
pinkforest
librsvg DoS via Cyclic References High
CVE-2015-7558 was published for librsvg (Rust) May 17, 2022
Certificate check bypass in openssl-src High
CVE-2021-3450 was published for openssl-src (Rust) Aug 25, 2021
another-rex
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs High
CVE-2022-31162 was published for slack-morphism (Rust) Jul 20, 2022
tdunlap607
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` High
CVE-2022-36086 was published for linked_list_allocator (Rust) Sep 16, 2022
evanrichter
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
Rust's regex crate vulnerable to regular expression denial of service High
CVE-2022-24713 was published for regex (Rust) Mar 8, 2022
addisoncrump
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Data race in conqueue High
CVE-2020-36437 was published for conqueue (Rust) Aug 25, 2021
Wrong memory orderings violates mutual exclusion in spin High
CVE-2019-16137 was published for spin (Rust) Aug 25, 2021
Data races in hashconsing High
CVE-2020-36215 was published for hashconsing (Rust) Aug 25, 2021
Data races in slock High
CVE-2020-36455 was published for slock (Rust) Aug 25, 2021
J3rry-1729
Data races on syncpool High
GHSA-r88h-6987-g79f was published for syncpool (Rust) Aug 25, 2021
Overflow in prost-types High
CVE-2021-38192 was published for prost-types (Rust) Aug 25, 2021
tdunlap607
Null pointer deference in openssl-src High
CVE-2020-1967 was published for openssl-src (Rust) Aug 25, 2021
another-rex andrewpollock
Data race in v9 High
CVE-2020-36447 was published for v9 (Rust) Aug 25, 2021
J3rry-1729
Uninitialized memory access in toodee High
CVE-2021-28029 was published for toodee (Rust) Sep 1, 2021
Unchecked Return Value in xcb High
CVE-2021-26958 was published for xcb (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API