GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
780 advisories
Filter by severity
Unsound sending of non-Send types across threads in threadalone
Moderate
GHSA-w59h-378f-2frm
was published
for
threadalone
(Rust)
Jan 23, 2024
Multiple issues involving quote API in shlex
High
GHSA-r7qv-8r2h-pg27
was published
for
shlex
(Rust)
Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Moderate
GHSA-8r5v-vm4m-4g25
was published
for
h2
(Rust)
Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception in surrealdb
Moderate
GHSA-jm4v-58r5-66hj
was published
for
surrealdb
(Rust)
Jan 18, 2024
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Rust EVM erroneousle handles `record_external_operation` error return
Moderate
CVE-2024-21629
was published
for
evm
(Rust)
Jan 3, 2024
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
Wasmer filesystem sandbox not enforced
High
CVE-2023-51661
was published
for
wasmer-cli
(Rust)
Dec 13, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
Remotely exploitable denial of service in Rosenpass
High
GHSA-6ggr-cwv4-g7qg
was published
for
rosenpass
(Rust)
Dec 21, 2023
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Moderate
GHSA-r24f-hg58-vfrw
was published
for
unsafe-libyaml
(Rust)
Dec 21, 2023
libostree vulnerable to denial of service attack
Moderate
CVE-2022-47085
was published
for
ostree
(Rust)
Jul 18, 2023
Zerocopy: Some Ref methods are unsound with some type parameters
Moderate
GHSA-rjhf-4mh8-9xjq
was published
for
zerocopy
(Rust)
Dec 18, 2023
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
Full Table Permissions by Default
High
GHSA-x5fr-7hhj-34j3
was published
for
surrealdb
(Rust)
Dec 15, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
GHSA-4grx-2x9w-596c
was published
for
rsa
(Rust)
Nov 28, 2023
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
ProTip!
Advisories are also available from the
GraphQL API