GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
AtomicBucket<T> unconditionally implements Send/Sync
Moderate
GHSA-3hxh-7jxm-59x4
was published
for
metrics-util
(Rust)
Jun 17, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate
GHSA-2226-4v3c-cff8
was published
for
rustc-serialize
(Rust)
Jun 17, 2022
`array!` macro is unsound when its length is impure constant
Moderate
GHSA-7v4j-8wvr-v55r
was published
for
array-macro
(Rust)
Jun 16, 2022
Library exclusively intended to obfuscate code.
Moderate
GHSA-gfg9-x6px-r7gr
was published
for
plutonium
(Rust)
Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings
Moderate
GHSA-rwf4-gx62-rqfw
was published
for
crossbeam
(Rust)
Jun 8, 2022
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Moderate
GHSA-p75v-367r-2v23
was published
for
cell-project
(Rust)
Sep 16, 2022
Multiple memory safety issues in actix-web
Moderate
GHSA-w65j-g6c7-g3m4
was published
for
actix-web
(Rust)
Aug 25, 2021
Use after free in actix-service
Moderate
CVE-2020-35899
was published
for
actix-service
(Rust)
Aug 25, 2021
Compiler optimisation leads to SEGFAULT
Moderate
GHSA-r6ff-2q3c-v3pv
was published
for
pnet
(Rust)
Aug 25, 2021
Improper synchronization in buttplug
Moderate
CVE-2020-36218
was published
for
buttplug
(Rust)
Aug 25, 2021
smallvec creates uninitialized value of any type
Moderate
GHSA-66p5-j55p-32r9
was published
for
smallvec
(Rust)
Aug 25, 2021
Uncaught Exception in libpulse-binding
Moderate
GHSA-wcxc-jf6c-8rx9
was published
for
libpulse-binding
(Rust)
Aug 25, 2021
Partial read is incorrect in molecule
Moderate
GHSA-82hm-vh7g-hrh9
was published
for
molecule
(Rust)
Aug 25, 2021
Queue<T> should have a Send bound on its Send/Sync traits
Moderate
GHSA-v42f-j8fx-99f3
was published
for
scottqueue
(Rust)
Aug 25, 2021
•
withdrawn
VecStorage Deserialize Allows Violation of Length Invariant
Moderate
GHSA-h3mf-4fwp-59c7
was published
for
nalgebra
(Rust)
Aug 5, 2021
•
withdrawn
Unexpected panics in num-bigint
Moderate
GHSA-v935-pqmr-g8v9
was published
for
num-bigint
(Rust)
Nov 3, 2021
Data races in generator
Moderate
GHSA-h6gg-fvf5-qgwf
was published
for
generator
(Rust)
Aug 25, 2021
•
withdrawn
Assumed memory layout of std::net::SocketAddr
Moderate
GHSA-p5w9-856p-8q4g
was published
for
socket2
(Rust)
Aug 25, 2021
•
withdrawn
MvccRwLock allows data races & aliasing violations
Moderate
GHSA-mgg8-9pvp-6qcw
was published
for
noise_search
(Rust)
Aug 25, 2021
•
withdrawn
Data races in unicycle
Moderate
GHSA-7mg7-m5c3-3hqj
was published
for
unicycle
(Rust)
Aug 25, 2021
•
withdrawn
Singleton lacks bounds on Send and Sync.
Moderate
GHSA-vj88-5667-w56p
was published
for
ruspiro-singleton
(Rust)
Aug 25, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API