GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
793 advisories
Filter by severity
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
Denial of Service issue in quinn-proto
High
CVE-2023-42805
was published
for
quinn-proto
(Rust)
Sep 21, 2023
phonenumber panics on parsing crafted RFC3966 inputs
High
CVE-2023-42444
was published
for
phonenumber
(Rust)
Sep 21, 2023
blurhash panics on parsing crafted inputs
High
CVE-2023-42447
was published
for
blurhash
(Rust)
Sep 21, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
BER/CER/DER decoder panics on invalid input
High
CVE-2023-39914
was published
for
bcder
(Rust)
Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Inventory exposes reference to non-Sync data to an arbitrary thread
Moderate
GHSA-36xm-35qq-795w
was published
for
inventory
(Rust)
Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer
Moderate
GHSA-jcr6-4frq-9gjj
was published
for
users
(Rust)
Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Moderate
GHSA-ghc8-5cgm-5rpf
was published
for
inventory
(Rust)
Sep 11, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Moderate
CVE-2023-41317
was published
for
apollo-router
(Rust)
Sep 7, 2023
Multiple soundness issues in lexical
Moderate
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
webpki: CPU denial of service in certificate path building
High
GHSA-8qv2-5vq6-g2g7
was published
for
webpki
(Rust)
Aug 25, 2023
mail-internals use-after-free vulnerability in `vec_insert_bytes`
Moderate
GHSA-rcx8-48pc-v9q8
was published
for
mail-internals
(Rust)
Aug 24, 2023
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
rustls-webpki: CPU denial of service in certificate path building
High
GHSA-fh2r-99q2-6mmg
was published
for
rustls-webpki
(Rust)
Aug 22, 2023
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Moderate
GHSA-w5vr-6qhr-36cc
was published
for
ed25519-dalek
(Rust)
Aug 14, 2023
lol-html panics on certain HTML inputs
High
CVE-2023-4241
was published
for
lol-html
(Rust)
Aug 9, 2023
odoh-rs's Invalid Slice Split Results in Server Panic
Moderate
CVE-2023-3766
was published
for
odoh-rs
(Rust)
Aug 3, 2023
ProTip!
Advisories are also available from the
GraphQL API