GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

339 advisories

Out of bounds read in bumpalo High
CVE-2020-35861 was published for bumpalo (Rust) Aug 25, 2021
Unaligned references in sized-chunks High
CVE-2020-25796 was published for sized-chunks (Rust) Aug 25, 2021
Uncontrolled recursion in ammonia High
CVE-2019-15542 was published for ammonia (Rust) Aug 25, 2021
Array size is not checked in sized-chunks High
CVE-2020-25793 was published for sized-chunks (Rust) Aug 25, 2021
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb High
GHSA-j35p-q24r-5367 was published for ckb (Rust) Apr 22, 2022
Relative Path Traversal in afire serve_static High
GHSA-3227-r97m-8j95 was published for afire (Rust) Apr 22, 2022
w-henderson
mozjpeg DecompressScanlines::read_scanlines is Unsound High
GHSA-v8gq-5grq-9728 was published for mozjpeg (Rust) Sep 16, 2022
`BinaryArray` does not perform bound checks on reading values and offsets High
GHSA-r7cj-wmwv-hfw5 was published for arrow (Rust) Jun 16, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets High
GHSA-qgrp-8f3v-q85p was published for arrow (Rust) Jun 16, 2022
Arrow2 allows double free in `safe` code High
GHSA-5j8w-r7g8-5472 was published for arrow2 (Rust) Jun 16, 2022
A malicious coder can get unsound access to TCell or TLCell memory High
GHSA-9c9f-7x9p-4wqp was published for qcell (Rust) Jun 17, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s High
GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) Jun 17, 2022 withdrawn
KamilaBorowska
Parser creates invalid uninitialized value High
GHSA-f67m-9j94-qv9j was published for hyper (Rust) Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` ) High
GHSA-qj69-c89v-jwq2 was published for ash (Rust) Jun 16, 2022
Channel creates zero value of any type High
GHSA-9g55-pg62-m8hh was published for crossbeam-channel (Rust) Jun 16, 2022
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` ) High
GHSA-p56p-gq3f-whg8 was published for flumedb (Rust) Jun 16, 2022
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
Creator Verification Error when Bubblegum Activate High
GHSA-8r76-fr72-j32w was published for mpl-bubblegum (Rust) Dec 12, 2022
Memory access due to code generation flaw in Cranelift module High
CVE-2021-32629 was published for cranelift-codegen (Rust) Aug 25, 2021
Data races in convec High
CVE-2020-36445 was published for convec (Rust) Aug 25, 2021
Data races in libsbc High
CVE-2020-36440 was published for libsbc (Rust) Aug 25, 2021
Data races in beef High
CVE-2020-36442 was published for beef (Rust) Aug 25, 2021
Data races in unicycle High
CVE-2020-36436 was published for unicycle (Rust) Aug 25, 2021