GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
326 advisories
Filter by severity
rustls-webpki: CPU denial of service in certificate path building
High
GHSA-fh2r-99q2-6mmg
was published
for
rustls-webpki
(Rust)
Aug 22, 2023
libsecp256k1 contains side-channel timing attack
High
CVE-2019-25003
was published
for
libsecp256k1
(Rust)
Aug 25, 2021
WASM3 Improper Input Validation vulnerability
High
CVE-2022-39974
was published
for
pywasm3
(pip)
Sep 21, 2022
Resource leakage when decoding certificates and keys
High
CVE-2022-1473
was published
for
openssl-src
(Rust)
May 4, 2022
Certificate check bypass in openssl-src
High
CVE-2021-3450
was published
for
openssl-src
(Rust)
Aug 25, 2021
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
High
CVE-2022-36086
was published
for
linked_list_allocator
(Rust)
Sep 16, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23486
was published
for
libp2p
(Rust)
Dec 7, 2022
Routinator infinite loop vulnerability
High
CVE-2021-43172
was published
for
routinator
(Rust)
May 24, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length
High
CVE-2022-39294
was published
for
conduit-hyper
(Rust)
Oct 31, 2022
Rust's regex crate vulnerable to regular expression denial of service
High
CVE-2022-24713
was published
for
regex
(Rust)
Mar 8, 2022
Wrong memory orderings violates mutual exclusion in spin
High
CVE-2019-16137
was published
for
spin
(Rust)
Aug 25, 2021
Null pointer deference in openssl-src
High
CVE-2020-1967
was published
for
openssl-src
(Rust)
Aug 25, 2021
Uninitialized memory access in toodee
High
CVE-2021-28029
was published
for
toodee
(Rust)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API