GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
phonenumber panics on parsing crafted RFC3966 inputs
High
CVE-2023-42444
was published
for
phonenumber
(Rust)
Sep 21, 2023
Invalid handling of `X509_verify_cert()` internal errors in libssl
High
CVE-2021-4044
was published
for
openssl-src
(Rust)
Dec 15, 2021
Undefined Behavior in Rust runtime functions
Low
CVE-2023-30624
was published
for
wasmtime
(Rust)
Apr 27, 2023
lol-html panics on certain HTML inputs
High
CVE-2023-4241
was published
for
lol-html
(Rust)
Aug 9, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service
Low
CVE-2023-33290
was published
for
git-url-parse
(Rust)
Jun 12, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Moderate
CVE-2023-46135
was published
for
stellar-strkey
(Rust)
Oct 25, 2023
Pleaser privilege escalation vulnerability
High
CVE-2023-46277
was published
for
pleaser
(Rust)
Oct 20, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
Rust Failure Crate Vulnerable to Type confusion
Critical
CVE-2019-25010
was published
for
failure
(Rust)
Aug 25, 2021
NATS TLS certificate common name validation bypass
Moderate
GHSA-wvc4-j7g5-4f79
was published
for
nats
(Rust)
Mar 27, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Low
GHSA-j57r-4qw6-58r3
was published
for
rusty-paseto
(Rust)
Nov 7, 2023
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Moderate
CVE-2023-31134
was published
for
tauri
(Rust)
May 3, 2023
Stored cross site scripting in Microbin
Moderate
CVE-2023-27075
was published
for
microbin
(Rust)
May 4, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Moderate
CVE-2023-41317
was published
for
apollo-router
(Rust)
Sep 7, 2023
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles
Moderate
CVE-2023-34460
was published
for
tauri
(Rust)
Jun 21, 2023
Cargo did not verify SSH host keys
Moderate
CVE-2022-46176
was published
for
cargo
(Rust)
Jan 10, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
twitch-tui's connection is not encrypted
High
CVE-2023-38688
was published
for
twitch-tui
(Rust)
Jul 31, 2023
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Moderate
CVE-2023-34449
was published
for
ink
(Rust)
Jun 14, 2023
ProTip!
Advisories are also available from the
GraphQL API