GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
Use After Free in Context::start_auth_session
Moderate
GHSA-w3vw-ccc5-qr8v
was published
for
tss-esapi
(Rust)
Jun 17, 2022
Miscomputation when performing AES encryption in rust-crypto
Critical
GHSA-jp3w-3q88-34cf
was published
for
rust-crypto
(Rust)
Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
High
GHSA-p56p-gq3f-whg8
was published
for
flumedb
(Rust)
Jun 16, 2022
`SegQueue` creates zero value of any type
Moderate
GHSA-8gj8-hv75-gp94
was published
for
crossbeam
(Rust)
Jun 16, 2022
vec-const attempts to construct a Vec from a pointer to a const slice
Moderate
GHSA-jmwx-r3gq-qq3p
was published
for
vec-const
(Rust)
Jun 17, 2022
Channel creates zero value of any type
High
GHSA-9g55-pg62-m8hh
was published
for
crossbeam-channel
(Rust)
Jun 16, 2022
Parser creates invalid uninitialized value
High
GHSA-f67m-9j94-qv9j
was published
for
hyper
(Rust)
Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
High
GHSA-qj69-c89v-jwq2
was published
for
ash
(Rust)
Jun 16, 2022
`SegQueue` creates zero value of any type
Moderate
GHSA-6888-wf7j-34jq
was published
for
crossbeam-queue
(Rust)
Jun 16, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
AtomicBucket<T> unconditionally implements Send/Sync
Moderate
GHSA-3hxh-7jxm-59x4
was published
for
metrics-util
(Rust)
Jun 17, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate
GHSA-2226-4v3c-cff8
was published
for
rustc-serialize
(Rust)
Jun 17, 2022
Delegate functions are missing `Send` bound
Critical
GHSA-x4mq-m75f-mx8m
was published
for
windows
(Rust)
Jun 17, 2022
Arrow2 allows double free in `safe` code
High
GHSA-5j8w-r7g8-5472
was published
for
arrow2
(Rust)
Jun 16, 2022
Threshold value is ignored (all shares are n=3)
Low
GHSA-978j-88f3-p5j3
was published
for
shamir
(Rust)
Jun 17, 2022
`BinaryArray` does not perform bound checks on reading values and offsets
High
GHSA-r7cj-wmwv-hfw5
was published
for
arrow
(Rust)
Jun 16, 2022
`array!` macro is unsound when its length is impure constant
Moderate
GHSA-7v4j-8wvr-v55r
was published
for
array-macro
(Rust)
Jun 16, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
High
GHSA-qgrp-8f3v-q85p
was published
for
arrow
(Rust)
Jun 16, 2022
Library exclusively intended to obfuscate code.
Moderate
GHSA-gfg9-x6px-r7gr
was published
for
plutonium
(Rust)
Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings
Moderate
GHSA-rwf4-gx62-rqfw
was published
for
crossbeam
(Rust)
Jun 8, 2022
mozjpeg DecompressScanlines::read_scanlines is Unsound
High
GHSA-v8gq-5grq-9728
was published
for
mozjpeg
(Rust)
Sep 16, 2022
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Moderate
GHSA-p75v-367r-2v23
was published
for
cell-project
(Rust)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API