Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

818 advisories

Loading
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters Critical
CVE-2024-28123 was published for wasmi (Rust) Mar 7, 2024
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
*const c_void / ExternalPointer unsoundness leading to use-after-free Moderate
CVE-2024-27934 was published for Deno (Rust) Mar 6, 2024
leesh3288
eza Potential Heap Overflow Vulnerability for AArch64 High
CVE-2024-25817 was published for eza (Rust) Feb 8, 2024
CuB3y0nd FuzzyLitchi
cafkafk inspector-ambitious
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64 Moderate
GHSA-3xc6-7h59-j2x4 was published for eza (Rust) Mar 6, 2024 withdrawn
Insufficient permission checking in `Deno.makeTemp*` APIs Moderate
CVE-2024-27931 was published for deno (Rust) Mar 5, 2024
ericcornelissen mmastrac
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service High
CVE-2019-25008 was published for http (Rust) Jun 16, 2022 withdrawn
matveybaykalov
Out-of-bounds Write in nix Moderate
CVE-2021-45707 was published for nix (Rust) Jan 6, 2022
Polyhistorian
Externally Controlled Format String in Scripting Functions High
GHSA-q3gg-m8hr-h4x4 was published for surrealdb (Rust) Feb 21, 2024
akkie
Uncaught Exception in Macro Expecting Native Function to Exist Moderate
GHSA-6wr5-jmpr-mjcx was published for surrealdb (Rust) Feb 21, 2024
idofilus
Uncaught Exception Handling Parsing Errors on Line Terminators Moderate
GHSA-8xff-473h-f863 was published for surrealdb (Rust) Feb 21, 2024
Cheyenne1025
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access Moderate
CVE-2023-50711 was published for vmm-sys-util (Rust) Jan 2, 2024
bchalios
Tungstenite allows remote attackers to cause a denial of service High
CVE-2023-43669 was published for tungstenite (Rust) Sep 21, 2023
bayandin tsal
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
atty potential unaligned read Low
GHSA-g98v-hv3f-hcfr was published for atty (Rust) Jun 30, 2023
SamirTalwar typecasto
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
socket2 invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35920 was published for net2 (Rust) Aug 25, 2021
Use after free in libpulse-binding Moderate
CVE-2018-25001 was published for libpulse-binding (Rust) Aug 30, 2021
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2 High
GHSA-22q8-ghmq-63vf was published for libgit2-sys (Rust) Feb 12, 2024
Unauthenticated Nonce Increment in snow Moderate
GHSA-7g9j-g5jg-3vv3 was published for snow (Rust) Jan 24, 2024
serde-json-wasm stack overflow during recursive JSON parsing High
GHSA-rr69-rxr6-8qwf was published for serde-json-wasm (Rust) Feb 9, 2024
Svix vulnerable to improper comparison of different-length signatures Moderate
GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024
openssl-src subject to Timing Oracle in RSA Decryption Moderate
CVE-2022-4304 was published for openssl-src (Rust) Feb 8, 2023
another-rex
ProTip! Advisories are also available from the GraphQL API