GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
266 advisories
Filter by severity
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
gix-path can use a fake program files location
Moderate
CVE-2024-40644
was published
for
gix-path
(Rust)
Jul 18, 2024
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Moderate
GHSA-gh9f-6xm2-c4j2
was published
for
surrealdb
(Rust)
Jul 11, 2024
zerovec-derive incorrectly uses `#[repr(packed)]`
Moderate
GHSA-74r5-g7vc-j2v2
was published
for
zerovec-derive
(Rust)
Jul 8, 2024
gix-transport code execution vulnerability
Moderate
GHSA-rrjw-j4m2-mf34
was published
for
gix-transport
(Rust)
Sep 25, 2023
zerovec incorrectly uses `#[repr(packed)]`
Moderate
GHSA-xrv3-jmcp-374j
was published
for
zerovec
(Rust)
Jul 8, 2024
Multiple soundness issues in lexical
Moderate
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Moderate
GHSA-x4gp-pqpj-f43q
was published
for
curve25519-dalek
(Rust)
Jun 18, 2024
iFrames Bypass Origin Checks for Tauri API Access Control
Moderate
CVE-2024-35222
was published
for
tauri
(Rust)
May 23, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Moderate
CVE-2024-4435
was published
for
ic-stable-structures
(Rust)
May 21, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Moderate
CVE-2024-34353
was published
for
matrix-sdk-crypto
(Rust)
May 13, 2024
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
Use after free in libpulse-binding
Moderate
GHSA-f56g-chqp-22m9
was published
for
libpulse-binding
(Rust)
Feb 3, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Moderate
GHSA-mc39-h54g-pvw6
was published
for
libdav1d-sys
(Rust)
Apr 5, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Moderate
CVE-2024-27932
was published
for
deno
(Rust)
Mar 6, 2024
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Moderate
CVE-2022-31104
was published
for
cranelift-codegen
(Rust)
Jun 29, 2022
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Moderate
CVE-2024-1765
was published
for
quiche
(Rust)
Mar 13, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API