Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

782 advisories

Loading
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
Use After Free in Context::start_auth_session Moderate
GHSA-w3vw-ccc5-qr8v was published for tss-esapi (Rust) Jun 17, 2022
Miscomputation when performing AES encryption in rust-crypto Critical
GHSA-jp3w-3q88-34cf was published for rust-crypto (Rust) Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` ) High
GHSA-p56p-gq3f-whg8 was published for flumedb (Rust) Jun 16, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-8gj8-hv75-gp94 was published for crossbeam (Rust) Jun 16, 2022
vec-const attempts to construct a Vec from a pointer to a const slice Moderate
GHSA-jmwx-r3gq-qq3p was published for vec-const (Rust) Jun 17, 2022
Channel creates zero value of any type High
GHSA-9g55-pg62-m8hh was published for crossbeam-channel (Rust) Jun 16, 2022
Parser creates invalid uninitialized value High
GHSA-f67m-9j94-qv9j was published for hyper (Rust) Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` ) High
GHSA-qj69-c89v-jwq2 was published for ash (Rust) Jun 16, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-6888-wf7j-34jq was published for crossbeam-queue (Rust) Jun 16, 2022
A malicious coder can get unsound access to TCell or TLCell memory High
GHSA-9c9f-7x9p-4wqp was published for qcell (Rust) Jun 17, 2022
AtomicBucket<T> unconditionally implements Send/Sync Moderate
GHSA-3hxh-7jxm-59x4 was published for metrics-util (Rust) Jun 17, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s High
GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) Jun 17, 2022 withdrawn
KamilaBorowska
Stack overflow in rustc_serialize when parsing deeply nested JSON Moderate
GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) Jun 17, 2022
Delegate functions are missing `Send` bound Critical
GHSA-x4mq-m75f-mx8m was published for windows (Rust) Jun 17, 2022
KamilaBorowska
Arrow2 allows double free in `safe` code High
GHSA-5j8w-r7g8-5472 was published for arrow2 (Rust) Jun 16, 2022
Threshold value is ignored (all shares are n=3) Low
GHSA-978j-88f3-p5j3 was published for shamir (Rust) Jun 17, 2022
`BinaryArray` does not perform bound checks on reading values and offsets High
GHSA-r7cj-wmwv-hfw5 was published for arrow (Rust) Jun 16, 2022
`array!` macro is unsound when its length is impure constant Moderate
GHSA-7v4j-8wvr-v55r was published for array-macro (Rust) Jun 16, 2022
KamilaBorowska
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets High
GHSA-qgrp-8f3v-q85p was published for arrow (Rust) Jun 16, 2022
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
mozjpeg DecompressScanlines::read_scanlines is Unsound High
GHSA-v8gq-5grq-9728 was published for mozjpeg (Rust) Sep 16, 2022
`cell-project` used incorrect variance when projecting through `&Cell<T>` Moderate
GHSA-p75v-367r-2v23 was published for cell-project (Rust) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API