GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
socket2 invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35920
was published
for
net2
(Rust)
Aug 25, 2021
Use after free in libpulse-binding
Moderate
CVE-2018-25001
was published
for
libpulse-binding
(Rust)
Aug 30, 2021
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
Svix vulnerable to improper comparison of different-length signatures
Moderate
GHSA-w277-wpqf-rcfv
was published
for
svix
(Rust)
Feb 6, 2024
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
Nervos CKB Permit load cell data from memory
Moderate
GHSA-29c2-65rj-h343
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Moderate
GHSA-h4c3-5275-vrmg
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Moderate
GHSA-r9rv-9mh8-pxf4
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference
Moderate
GHSA-q669-2vfg-cxcg
was published
for
ckb
(Rust)
Feb 2, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain
Moderate
CVE-2020-12439
was published
for
grin
(Rust)
May 24, 2022
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Use-after-free when setting the locale
Moderate
GHSA-c8v3-jhv9-4ppc
was published
for
rust-i18n-support
(Rust)
Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone
Moderate
GHSA-w59h-378f-2frm
was published
for
threadalone
(Rust)
Jan 23, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Moderate
GHSA-8r5v-vm4m-4g25
was published
for
h2
(Rust)
Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception in surrealdb
Moderate
GHSA-jm4v-58r5-66hj
was published
for
surrealdb
(Rust)
Jan 18, 2024
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
Rust EVM erroneousle handles `record_external_operation` error return
Moderate
CVE-2024-21629
was published
for
evm
(Rust)
Jan 3, 2024
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Moderate
GHSA-r24f-hg58-vfrw
was published
for
unsafe-libyaml
(Rust)
Dec 21, 2023
libostree vulnerable to denial of service attack
Moderate
CVE-2022-47085
was published
for
ostree
(Rust)
Jul 18, 2023
ProTip!
Advisories are also available from the
GraphQL API