Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Loading
AtomicBucket<T> unconditionally implements Send/Sync Moderate
GHSA-3hxh-7jxm-59x4 was published for metrics-util (Rust) Jun 17, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON Moderate
GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) Jun 17, 2022
`array!` macro is unsound when its length is impure constant Moderate
GHSA-7v4j-8wvr-v55r was published for array-macro (Rust) Jun 16, 2022
KamilaBorowska
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
`cell-project` used incorrect variance when projecting through `&Cell<T>` Moderate
GHSA-p75v-367r-2v23 was published for cell-project (Rust) Sep 16, 2022
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Use after free in actix-service Moderate
CVE-2020-35899 was published for actix-service (Rust) Aug 25, 2021
Data races in concread Moderate
CVE-2020-35928 was published for concread (Rust) Aug 25, 2021
HTTP Request Smuggling in hyper Moderate
CVE-2021-21299 was published for hyper (Rust) Aug 25, 2021
ZeddYu
Compiler optimisation leads to SEGFAULT Moderate
GHSA-r6ff-2q3c-v3pv was published for pnet (Rust) Aug 25, 2021
Improper synchronization in buttplug Moderate
CVE-2020-36218 was published for buttplug (Rust) Aug 25, 2021
smallvec creates uninitialized value of any type Moderate
GHSA-66p5-j55p-32r9 was published for smallvec (Rust) Aug 25, 2021
Uncaught Exception in libpulse-binding Moderate
GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021
Partial read is incorrect in molecule Moderate
GHSA-82hm-vh7g-hrh9 was published for molecule (Rust) Aug 25, 2021
Data race in may_queue Moderate
CVE-2020-36217 was published for may_queue (Rust) Aug 25, 2021
Data races in thex Moderate
CVE-2020-35927 was published for thex (Rust) Aug 25, 2021
Queue<T> should have a Send bound on its Send/Sync traits Moderate
GHSA-v42f-j8fx-99f3 was published for scottqueue (Rust) Aug 25, 2021 withdrawn
VecStorage Deserialize Allows Violation of Length Invariant Moderate
GHSA-h3mf-4fwp-59c7 was published for nalgebra (Rust) Aug 5, 2021 withdrawn
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
Data races in generator Moderate
GHSA-h6gg-fvf5-qgwf was published for generator (Rust) Aug 25, 2021 withdrawn
Assumed memory layout of std::net::SocketAddr Moderate
GHSA-p5w9-856p-8q4g was published for socket2 (Rust) Aug 25, 2021 withdrawn
MvccRwLock allows data races & aliasing violations Moderate
GHSA-mgg8-9pvp-6qcw was published for noise_search (Rust) Aug 25, 2021 withdrawn
Data races in unicycle Moderate
GHSA-7mg7-m5c3-3hqj was published for unicycle (Rust) Aug 25, 2021 withdrawn
Singleton lacks bounds on Send and Sync. Moderate
GHSA-vj88-5667-w56p was published for ruspiro-singleton (Rust) Aug 25, 2021 withdrawn
ProTip! Advisories are also available from the GraphQL API