GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

266 advisories

Source code is downloaded over cleartext HTTP in portaudio Moderate
CVE-2016-10933 was published for portaudio (Rust) Aug 25, 2021
Data race in atomic-option Moderate
CVE-2020-36219 was published for atomic-option (Rust) Aug 25, 2021
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
Tauri Filesystem Scope Glob Pattern is too Permissive Moderate
CVE-2022-46171 was published for tauri (Rust) Dec 22, 2022
OrIOg
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for frontier (Rust) Aug 18, 2022
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system Moderate
CVE-2021-3917 was published for coreos-installer (Rust) Nov 8, 2021
xlejo
Weight not properly refunded after EVM execution Moderate
CVE-2022-39242 was published for frontier (Rust) Sep 23, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64 Moderate
CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022
akirilov-arm
Wasmtime vulnerable to Use After Free with `externref`s Moderate
CVE-2022-31146 was published for cranelift-codegen (Rust) Jul 20, 2022
alexcrichton fitzgen
jameysharp
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
Reachable Assertion in rulex Moderate
CVE-2022-31100 was published for rulex (Rust) Jun 21, 2022
evanrichter
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Moderate
CVE-2022-27817 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021
Data race in disrustor Moderate
CVE-2020-36470 was published for disrustor (Rust) Aug 25, 2021
J3rry-1729
git2-rs fails to verify SSH keys by default Moderate
GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) Jan 20, 2023
ELF header parsing library doesn't check for valid offset Moderate
GHSA-g6pw-999w-j75m was published for elf_rs (Rust) Jan 20, 2023
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()` Moderate
GHSA-f85w-wvc7-crwc was published for bumpalo (Rust) Jan 20, 2023
Candy Machine Set Collection During Mint Missing Check Moderate
GHSA-9v25-r5q2-2p6w was published for mpl-candy-machine (Rust) Dec 12, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation Moderate
GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) Aug 30, 2022
mz-avro's incorrect use of `set_len` allows for un-initialized memory Moderate
GHSA-jwh2-vrr9-vcp2 was published for mz-avro (Rust) Aug 30, 2022
Potential segfault in `localtime_r` invocations Moderate
GHSA-cqpr-pcm7-m3jc was published for chrono (Rust) Jun 16, 2022 withdrawn
KamilaBorowska penberg