GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
339 advisories
Filter by severity
Unaligned references in sized-chunks
High
CVE-2020-25796
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Array size is not checked in sized-chunks
High
CVE-2020-25793
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
High
GHSA-j35p-q24r-5367
was published
for
ckb
(Rust)
Apr 22, 2022
Relative Path Traversal in afire serve_static
High
GHSA-3227-r97m-8j95
was published
for
afire
(Rust)
Apr 22, 2022
mozjpeg DecompressScanlines::read_scanlines is Unsound
High
GHSA-v8gq-5grq-9728
was published
for
mozjpeg
(Rust)
Sep 16, 2022
`BinaryArray` does not perform bound checks on reading values and offsets
High
GHSA-r7cj-wmwv-hfw5
was published
for
arrow
(Rust)
Jun 16, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
High
GHSA-qgrp-8f3v-q85p
was published
for
arrow
(Rust)
Jun 16, 2022
Arrow2 allows double free in `safe` code
High
GHSA-5j8w-r7g8-5472
was published
for
arrow2
(Rust)
Jun 16, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Parser creates invalid uninitialized value
High
GHSA-f67m-9j94-qv9j
was published
for
hyper
(Rust)
Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
High
GHSA-qj69-c89v-jwq2
was published
for
ash
(Rust)
Jun 16, 2022
Channel creates zero value of any type
High
GHSA-9g55-pg62-m8hh
was published
for
crossbeam-channel
(Rust)
Jun 16, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
High
GHSA-p56p-gq3f-whg8
was published
for
flumedb
(Rust)
Jun 16, 2022
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
Creator Verification Error when Bubblegum Activate
High
GHSA-8r76-fr72-j32w
was published
for
mpl-bubblegum
(Rust)
Dec 12, 2022
Memory access due to code generation flaw in Cranelift module
High
CVE-2021-32629
was published
for
cranelift-codegen
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API