Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

270 advisories

Loading
Memory over-allocation in evm-core Moderate
GHSA-773q-5334-5gf9 was published for evm-core (Rust) Aug 25, 2021
MutexGuard::map can cause a data race in safe code Moderate
CVE-2020-35905 was published for futures-util (Rust) May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer Moderate
CVE-2020-35907 was published for futures-task (Rust) May 24, 2022
QueryInterface should call AddRef before returning pointer Moderate
GHSA-9rg7-3j4f-cf4x was published for derive-com-impl (Rust) Jun 16, 2022
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
Argument injection in lettre Moderate
CVE-2020-28247 was published for lettre (Rust) Aug 25, 2021
vin01
Data races in futures-intrusive Moderate
CVE-2020-35915 was published for futures-intrusive (Rust) Aug 25, 2021
Data race in eventio Moderate
CVE-2020-36216 was published for eventio (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35912 was published for lock_api (Rust) Aug 25, 2021
Out of bounds read in lazy-init Moderate
CVE-2021-25901 was published for lazy-init (Rust) Aug 25, 2021
Mutable reference with immutable provenance in image Moderate
CVE-2020-35916 was published for image (Rust) Aug 25, 2021
tdunlap607
Data races in lock_api Moderate
CVE-2020-35914 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35913 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35911 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35910 was published for lock_api (Rust) Aug 25, 2021
Aliased mutable references from `tls_rand` & `TlsWyRand` Moderate
GHSA-p6gj-gpc8-f8xw was published for nanorand (Rust) Jun 17, 2022
miow invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35921 was published for miow (Rust) Aug 25, 2021
KamilaBorowska
mio invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35922 was published for mio (Rust) Aug 25, 2021
tdunlap607
Data races in magnetic Moderate
CVE-2020-35925 was published for magnetic (Rust) Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators Moderate
CVE-2020-35923 was published for ordered-float (Rust) Aug 25, 2021
saethlin tdunlap607
Improper random number generation in nanorand Moderate
CVE-2020-35926 was published for nanorand (Rust) Aug 25, 2021
Data races in multiqueue2 Moderate
CVE-2020-36214 was published for multiqueue2 (Rust) Aug 25, 2021
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Optional `Deserialize` implementations lacking validation Moderate
GHSA-jf5h-cf95-w759 was published for raw-cpuid (Rust) Jun 17, 2022
ProTip! Advisories are also available from the GraphQL API