GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
818 advisories
Filter by severity
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
Mio's tokens for named pipes may be delivered after deregistration
High
CVE-2024-27308
was published
for
mio
(Rust)
Mar 4, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
*const c_void / ExternalPointer unsoundness leading to use-after-free
Moderate
CVE-2024-27934
was published
for
Deno
(Rust)
Mar 6, 2024
eza Potential Heap Overflow Vulnerability for AArch64
High
CVE-2024-25817
was published
for
eza
(Rust)
Feb 8, 2024
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64
Moderate
GHSA-3xc6-7h59-j2x4
was published
for
eza
(Rust)
Mar 6, 2024
•
withdrawn
Insufficient permission checking in `Deno.makeTemp*` APIs
Moderate
CVE-2024-27931
was published
for
deno
(Rust)
Mar 5, 2024
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
Externally Controlled Format String in Scripting Functions
High
GHSA-q3gg-m8hr-h4x4
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception in Macro Expecting Native Function to Exist
Moderate
GHSA-6wr5-jmpr-mjcx
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception Handling Parsing Errors on Line Terminators
Moderate
GHSA-8xff-473h-f863
was published
for
surrealdb
(Rust)
Feb 21, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
socket2 invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35920
was published
for
net2
(Rust)
Aug 25, 2021
Use after free in libpulse-binding
Moderate
CVE-2018-25001
was published
for
libpulse-binding
(Rust)
Aug 30, 2021
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
High
GHSA-22q8-ghmq-63vf
was published
for
libgit2-sys
(Rust)
Feb 12, 2024
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
serde-json-wasm stack overflow during recursive JSON parsing
High
GHSA-rr69-rxr6-8qwf
was published
for
serde-json-wasm
(Rust)
Feb 9, 2024
Svix vulnerable to improper comparison of different-length signatures
Moderate
GHSA-w277-wpqf-rcfv
was published
for
svix
(Rust)
Feb 6, 2024
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API