Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Integer Overflow in Chunked Transfer-Encoding Moderate
CVE-2021-32714 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
VecStorage Deserialize Allows Violation of Length Invariant Moderate
GHSA-h3mf-4fwp-59c7 was published for nalgebra (Rust) Aug 5, 2021 withdrawn
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Source code is downloaded over cleartext HTTP in portaudio Moderate
CVE-2016-10933 was published for portaudio (Rust) Aug 25, 2021
Uninitialized memory exposure in claxon Moderate
CVE-2018-20992 was published for claxon (Rust) Aug 25, 2021
HTTP Request smuggling in tiny_http Moderate
CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr Moderate
CVE-2020-35886 was published for arr (Rust) Aug 25, 2021
Use after free in actix-service Moderate
CVE-2020-35899 was published for actix-service (Rust) Aug 25, 2021
Data races in atom Moderate
CVE-2020-35897 was published for atom (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35910 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35914 was published for lock_api (Rust) Aug 25, 2021
Incorrect buffer size in crossbeam-channel Moderate
CVE-2020-35904 was published for crossbeam-channel (Rust) Aug 25, 2021
Out of bounds read in dync Moderate
CVE-2020-35903 was published for dync (Rust) Aug 25, 2021
Unexpected panic when decoding tokens in branca Moderate
CVE-2020-35918 was published for branca (Rust) Aug 25, 2021
tdunlap607
Reference counting error in pyo3 Moderate
CVE-2020-35917 was published for pyo3 (Rust) Aug 25, 2021
tdunlap607
Mutable reference with immutable provenance in image Moderate
CVE-2020-35916 was published for image (Rust) Aug 25, 2021
tdunlap607
Data races in lock_api Moderate
CVE-2020-35911 was published for lock_api (Rust) Aug 25, 2021
Data races in futures-intrusive Moderate
CVE-2020-35915 was published for futures-intrusive (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35912 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35913 was published for lock_api (Rust) Aug 25, 2021
Data races in magnetic Moderate
CVE-2020-35925 was published for magnetic (Rust) Aug 25, 2021
Data races in concread Moderate
CVE-2020-35928 was published for concread (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API