GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
153 advisories
Filter by severity
Access of Uninitialized Pointer in linked-hash-map
Critical
CVE-2020-25573
was published
for
linked-hash-map
(Rust)
Aug 25, 2021
Incorrect Calculation in solana_rbpf
Critical
CVE-2022-23066
was published
for
solana_rbpf
(Rust)
May 10, 2022
Loading a bgzip block can write out of bounds if size overflows.
Critical
CVE-2021-28027
was published
for
bam
(Rust)
May 24, 2022
Fix a use-after-free bug in diesels Sqlite backend
Critical
CVE-2021-28305
was published
for
diesel
(Rust)
May 24, 2022
Insecure Temporary File in SWHKD
Critical
CVE-2022-27815
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Mar 31, 2022
Insecure temporary file usage in SWHKD
Critical
CVE-2022-27818
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
crossbeam-deque Data Race before v0.7.4 and v0.8.1
Critical
CVE-2021-32810
was published
for
crossbeam-deque
(Rust)
Aug 25, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Out of bounds write in nalgebra
Critical
CVE-2021-38190
was published
for
nalgebra
(Rust)
Aug 25, 2021
Use of Uninitialized Resource in libp2p-deflate
Critical
CVE-2020-36443
was published
for
libp2p-deflate
(Rust)
Aug 25, 2021
Memory corruption in array-tools
Critical
CVE-2020-36452
was published
for
array-tools
(Rust)
Aug 25, 2021
Use of Uninitialized Resource in alg_ds
Critical
CVE-2020-36432
was published
for
alg_ds
(Rust)
Aug 25, 2021
OS command injection in ripgrep
Critical
CVE-2021-3013
was published
for
grep-cli
(Rust)
Aug 5, 2021
Free of uninitialized memory in telemetry
Critical
CVE-2021-29937
was published
for
telemetry
(Rust)
Aug 25, 2021
Out of bounds write in calamine
Critical
CVE-2021-26951
was published
for
calamine
(Rust)
Aug 25, 2021
SMTP command injection in lettre
Critical
CVE-2021-38189
was published
for
lettre
(Rust)
Jul 12, 2021
Incorrect buffer size calculation in iced-x86
Critical
CVE-2021-38188
was published
for
iced-x86
(Rust)
Aug 25, 2021
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical
CVE-2023-26489
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API