GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
libostree vulnerable to denial of service attack
Moderate
CVE-2022-47085
was published
for
ostree
(Rust)
Jul 18, 2023
Zerocopy: Some Ref methods are unsound with some type parameters
Moderate
GHSA-rjhf-4mh8-9xjq
was published
for
zerocopy
(Rust)
Dec 18, 2023
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
Full Table Permissions by Default
High
GHSA-x5fr-7hhj-34j3
was published
for
surrealdb
(Rust)
Dec 15, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
GHSA-4grx-2x9w-596c
was published
for
rsa
(Rust)
Nov 28, 2023
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
Unbounded queuing of path validation messages in cloudflare-quiche
Moderate
CVE-2023-6193
was published
for
quiche
(Rust)
Dec 13, 2023
Stack consumption in trust-dns-server
High
CVE-2020-35857
was published
for
trust-dns-server
(Rust)
Aug 25, 2021
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
Environment variables still accessible through /proc
Moderate
GHSA-wj7f-468m-6mv8
was published
for
birdcage
(Rust)
Dec 1, 2023
`openssl` `X509StoreRef::objects` is unsound
Moderate
GHSA-xphf-cx8h-7q9g
was published
for
openssl
(Rust)
Nov 28, 2023
Insufficient covariance check makes self_cell unsound
High
GHSA-48m6-wm5p-rr6h
was published
for
self_cell
(Rust)
Nov 14, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
odoh-rs's Invalid Slice Split Results in Server Panic
Moderate
CVE-2023-3766
was published
for
odoh-rs
(Rust)
Aug 3, 2023
blurhash panics on parsing crafted inputs
High
CVE-2023-42447
was published
for
blurhash
(Rust)
Sep 21, 2023
Cargo not respecting umask when extracting crate archives
High
CVE-2023-38497
was published
for
cargo
(Rust)
Aug 3, 2023
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
Moderate
CVE-2023-30610
was published
for
aws-sigv4
(Rust)
Apr 26, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
xml-rs vulnerable to denial of service via invalid token in XML document
High
CVE-2023-34411
was published
for
xml-rs
(Rust)
Jun 5, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
urlnorm vulnerable to Regular Expression Denial of Service
High
CVE-2023-33289
was published
for
urlnorm
(Rust)
Jun 21, 2023
Out of bounds access in lucet-runtime-internals
Critical
CVE-2020-35859
was published
for
lucet-runtime-internals
(Rust)
Aug 25, 2021
Incorrect implementation in streebog
High
CVE-2019-25007
was published
for
streebog
(Rust)
Aug 25, 2021
Incorrect implementation of the Streebog hash functions in streebog
High
CVE-2019-25006
was published
for
streebog
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API