GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,988; Erlang 29; GitHub Actions 16; Go 1,776; Maven 5,000+; npm 3,542; NuGet 617; pip 3,125; Pub 10; RubyGems 838; Rust 790; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
266 advisories
Source code is downloaded over cleartext HTTP in portaudio (Moderate). CVE-2016-10933 was published for portaudio (Rust) on Aug 25, 2021.
Data race in atomic-option (Moderate). CVE-2020-36219 was published for atomic-option (Rust) on Aug 25, 2021.
Data races in noise_search (Moderate). CVE-2020-36461 was published for noise_search (Rust) on Aug 25, 2021.
Tauri Filesystem Scope Glob Pattern is too Permissive (Moderate). CVE-2022-46171 was published for tauri (Rust) on Dec 22, 2022.
Tendermint light client verification not taking into account chain ID (Moderate). CVE-2022-23507 was published for tendermint-light-client (Rust) on Dec 14, 2022.
Incorrect parsing of EVM reversion exit reason in RPC (Moderate). CVE-2022-36008 was published for frontier (Rust) on Aug 18, 2022.
Integer overflow in the bundled Brotli C library (Moderate). CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) on May 24, 2022.
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system (Moderate). CVE-2021-3917 was published for coreos-installer (Rust) on Nov 8, 2021.
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list (Moderate). CVE-2022-46149 was published for capnp (Rust) on Dec 5, 2022.
Weight not properly refunded after EVM execution (Moderate). CVE-2022-39242 was published for frontier (Rust) on Sep 23, 2022.
Cranelift vulnerable to miscompilation of constant values in division on AArch64 (Moderate). CVE-2022-31169 was published for cranelift-codegen (Rust) on Jul 21, 2022.
Wasmtime vulnerable to Use After Free with `externref`s (Moderate). CVE-2022-31146 was published for cranelift-codegen (Rust) on Jul 20, 2022.
Async-h1 request smuggling possible with long unread bodies (Moderate). CVE-2020-36202 was published for async-h1 (Rust) on May 24, 2022.
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon (Moderate). CVE-2022-27817 was published for Simple-Wayland-HotKey-Daemon (Rust) on Apr 15, 2022.
Async-h1 request smuggling possible with long unread bodies (Moderate). CVE-2020-26281 was published for async-h1 (Rust) on Oct 12, 2021.
git2-rs fails to verify SSH keys by default (Moderate). GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) on Jan 20, 2023.
ELF header parsing library doesn't check for valid offset (Moderate). GHSA-g6pw-999w-j75m was published for elf_rs (Rust) on Jan 20, 2023.
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()` (Moderate). GHSA-f85w-wvc7-crwc was published for bumpalo (Rust) on Jan 20, 2023.
Candy Machine Set Collection During Mint Missing Check (Moderate). GHSA-9v25-r5q2-2p6w was published for mpl-candy-machine (Rust) on Dec 12, 2022.
iana-time-zone vulnerable to use after free in MacOS / iOS implementation (Moderate). GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) on Aug 30, 2022.
mz-avro's incorrect use of `set_len` allows for un-initialized memory (Moderate). GHSA-jwh2-vrr9-vcp2 was published for mz-avro (Rust) on Aug 30, 2022.
Potential segfault in `localtime_r` invocations (Moderate). GHSA-cqpr-pcm7-m3jc was published for chrono (Rust) on Jun 16, 2022.