GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
326 advisories
Filter by severity
eza Potential Heap Overflow Vulnerability for AArch64
High
CVE-2024-25817
was published
for
eza
(Rust)
Feb 8, 2024
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
Externally Controlled Format String in Scripting Functions
High
GHSA-q3gg-m8hr-h4x4
was published
for
surrealdb
(Rust)
Feb 21, 2024
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
High
GHSA-22q8-ghmq-63vf
was published
for
libgit2-sys
(Rust)
Feb 12, 2024
serde-json-wasm stack overflow during recursive JSON parsing
High
GHSA-rr69-rxr6-8qwf
was published
for
serde-json-wasm
(Rust)
Feb 9, 2024
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
High
CVE-2023-0216
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex`
High
CVE-2022-4450
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key
High
CVE-2023-0217
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification
High
CVE-2023-0401
was published
for
openssl-src
(Rust)
Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels
High
CVE-2023-0286
was published
for
cryptography
(pip)
Feb 8, 2023
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
High
CVE-2022-3358
was published
for
openssl-src
(Rust)
Oct 11, 2022
Nervos CKB Snappy decompress length can be very large and causes out of memory error
High
GHSA-3gjh-29fv-8hr6
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Panic on malformed input
High
GHSA-wjxc-pjx9-4wvm
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB node panics when processing a block which parent timestamp is too new
High
GHSA-hjqq-29pw-96wj
was published
for
ckb
(Rust)
Feb 2, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649
was published
for
lemmy_server
(Rust)
Jan 24, 2024
Multiple issues involving quote API in shlex
High
GHSA-r7qv-8r2h-pg27
was published
for
shlex
(Rust)
Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
Wasmer filesystem sandbox not enforced
High
CVE-2023-51661
was published
for
wasmer-cli
(Rust)
Dec 13, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
ProTip!
Advisories are also available from the
GraphQL API