Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,770
Maven
4,994
npm
3,540
NuGet
617
pip
3,117
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
WASM3 Improper Input Validation vulnerability High
CVE-2022-39974 was published for pywasm3 (pip) Sep 21, 2022
Use of a Broken or Risky Cryptographic Algorithm in crypto2 Critical
CVE-2021-45709 was published for crypto2 (Rust) Jan 6, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` High
CVE-2022-36086 was published for linked_list_allocator (Rust) Sep 16, 2022
evanrichter
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
Data race in conqueue High
CVE-2020-36437 was published for conqueue (Rust) Aug 25, 2021
Data race in abox High
CVE-2020-36441 was published for abox (Rust) Aug 25, 2021
Data races in ticketed_lock High
CVE-2020-36439 was published for ticketed_lock (Rust) Aug 25, 2021
Data race in tiny_future High
CVE-2020-36438 was published for tiny_future (Rust) Aug 25, 2021
Heap overflow or corruption in safe-transmute Critical
CVE-2018-21000 was published for safe-transmute (Rust) Aug 25, 2021
tdunlap607
Memory corruption slice-deque Critical
CVE-2018-20995 was published for slice-deque (Rust) Aug 25, 2021
Data races in signal-simple High
CVE-2020-36446 was published for signal-simple (Rust) Aug 25, 2021
quinn invalidly assumes the memory layout of std::net::SocketAddr High
CVE-2021-28036 was published for quinn (Rust) Aug 25, 2021
Out of bounds access in rgb Critical
CVE-2020-25016 was published for rgb (Rust) Aug 25, 2021
Out of bounds read in Ozone Critical
CVE-2020-35877 was published for ozone (Rust) Aug 25, 2021
Data races in parc High
CVE-2020-36454 was published for parc (Rust) Aug 25, 2021
Buffer overflow and format vulnerabilities in ncurses Critical
CVE-2019-15548 was published for ncurses (Rust) Aug 25, 2021
Drop of uninitialized memory in Ozone Critical
CVE-2020-35878 was published for ozone (Rust) Aug 25, 2021
nb-connect invalidly assumes the memory layout of std::net::SocketAddr Critical
CVE-2021-27376 was published for nb-connect (Rust) Aug 25, 2021
crossbeam-channel Undefined Behavior before v0.4.4 High
CVE-2020-15254 was published for crossbeam-channel (Rust) Aug 25, 2021
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
Deserializing an array can free uninitialized memory in byte_struct Critical
CVE-2021-28033 was published for byte_struct (Rust) Aug 25, 2021
tdunlap607
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Out of bounds write in nalgebra Critical
CVE-2021-38190 was published for nalgebra (Rust) Aug 25, 2021
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath
ProTip! Advisories are also available from the GraphQL API