GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+)
Composer: 3,956
Erlang: 29
GitHub Actions: 16
Go: 1,740
Maven: 4,967
npm: 3,507
NuGet: 609
pip: 3,064
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34
Unreviewed advisories (all unreviewed: 5,000+)
153 advisories
Unable to generate the correct character set
Critical: CVE-2024-36400 was published for nano-id (Rust) on Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical: GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) on Jun 4, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical: CVE-2024-3584 was published for qdrant (Rust) on Jun 2, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical: CVE-2024-32980 was published for spin-sdk (Rust) on May 8, 2024
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Critical: CVE-2024-32971 was published for apollo-router (Rust) on May 2, 2024
Type confusion if __private_get_type_id__ is overridden
Critical: CVE-2020-25575 was published for failure (Rust) on Jun 16, 2022
transpose: Buffer overflow due to integer overflow
Critical: GHSA-5gmm-6m36-r7jh was published for transpose (Rust) on Apr 5, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical: CVE-2024-28123 was published for wasmi (Rust) on Mar 7, 2024
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical: CVE-2022-4203 was published for openssl-src (Rust) on Feb 8, 2023
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Critical: GHSA-q73f-w3h7-7wcc was published for ckb (Rust) on Feb 3, 2024
SQLpage vulnerable to public exposure of database credentials
Critical: CVE-2023-42454 was published for sqlpage (Rust) on Sep 21, 2023
Out of bounds access in lucet-runtime-internals
Critical: CVE-2020-35859 was published for lucet-runtime-internals (Rust) on Aug 25, 2021
Rust Failure Crate Vulnerable to Type confusion
Critical: CVE-2019-25010 was published for failure (Rust) on Aug 25, 2021
Buffer overflow in SmallVec::insert_many
Critical: CVE-2021-25900 was published for smallvec (Rust) on May 24, 2022
Incorrect Comparison in sodiumoxide
Critical: CVE-2019-25002 was published for sodiumoxide (Rust) on Aug 25, 2021
X.509 Email Address 4-byte Buffer Overflow
Critical: CVE-2022-3602 was published for openssl-src (Rust) on Nov 1, 2022
Buffer Overflow in galois_2p8
Critical: CVE-2022-24988 was published for galois_2p8 (Rust) on Feb 15, 2022
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Critical: CVE-2021-45709 was published for crypto2 (Rust) on Jan 6, 2022
Sandbox bypass leading to arbitrary code execution in Deno
Critical: CVE-2022-24783 was published for deno (Rust) on Mar 29, 2022
ProTip! Advisories are also available from the GraphQL API.