GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
270 advisories
Filter by severity
Memory over-allocation in evm-core
Moderate
GHSA-773q-5334-5gf9
was published
for
evm-core
(Rust)
Aug 25, 2021
MutexGuard::map can cause a data race in safe code
Moderate
CVE-2020-35905
was published
for
futures-util
(Rust)
May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
Moderate
CVE-2020-35907
was published
for
futures-task
(Rust)
May 24, 2022
QueryInterface should call AddRef before returning pointer
Moderate
GHSA-9rg7-3j4f-cf4x
was published
for
derive-com-impl
(Rust)
Jun 16, 2022
HTTPS MitM vulnerability due to lack of hostname verification
Moderate
CVE-2016-10932
was published
for
hyper
(Rust)
Aug 25, 2021
Headers containing newline characters can split messages in hyper
Moderate
CVE-2017-18587
was published
for
hyper
(Rust)
Aug 25, 2021
Data races in futures-intrusive
Moderate
CVE-2020-35915
was published
for
futures-intrusive
(Rust)
Aug 25, 2021
Out of bounds read in lazy-init
Moderate
CVE-2021-25901
was published
for
lazy-init
(Rust)
Aug 25, 2021
Mutable reference with immutable provenance in image
Moderate
CVE-2020-35916
was published
for
image
(Rust)
Aug 25, 2021
Aliased mutable references from `tls_rand` & `TlsWyRand`
Moderate
GHSA-p6gj-gpc8-f8xw
was published
for
nanorand
(Rust)
Jun 17, 2022
miow invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35921
was published
for
miow
(Rust)
Aug 25, 2021
mio invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35922
was published
for
mio
(Rust)
Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators
Moderate
CVE-2020-35923
was published
for
ordered-float
(Rust)
Aug 25, 2021
Improper random number generation in nanorand
Moderate
CVE-2020-35926
was published
for
nanorand
(Rust)
Aug 25, 2021
insert_slice_clone can double drop if Clone panics.
Moderate
CVE-2021-26954
was published
for
qwutils
(Rust)
May 24, 2022
Optional `Deserialize` implementations lacking validation
Moderate
GHSA-jf5h-cf95-w759
was published
for
raw-cpuid
(Rust)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API