GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
339 advisories
Filter by severity
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
Denial of Service issue in quinn-proto
High
CVE-2023-42805
was published
for
quinn-proto
(Rust)
Sep 21, 2023
phonenumber panics on parsing crafted RFC3966 inputs
High
CVE-2023-42444
was published
for
phonenumber
(Rust)
Sep 21, 2023
blurhash panics on parsing crafted inputs
High
CVE-2023-42447
was published
for
blurhash
(Rust)
Sep 21, 2023
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
BER/CER/DER decoder panics on invalid input
High
CVE-2023-39914
was published
for
bcder
(Rust)
Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
webpki: CPU denial of service in certificate path building
High
GHSA-8qv2-5vq6-g2g7
was published
for
webpki
(Rust)
Aug 25, 2023
rustls-webpki: CPU denial of service in certificate path building
High
GHSA-fh2r-99q2-6mmg
was published
for
rustls-webpki
(Rust)
Aug 22, 2023
lol-html panics on certain HTML inputs
High
CVE-2023-4241
was published
for
lol-html
(Rust)
Aug 9, 2023
Cargo not respecting umask when extracting crate archives
High
CVE-2023-38497
was published
for
cargo
(Rust)
Aug 3, 2023
twitch-tui's connection is not encrypted
High
CVE-2023-38688
was published
for
twitch-tui
(Rust)
Jul 31, 2023
urlnorm vulnerable to Regular Expression Denial of Service
High
CVE-2023-33289
was published
for
urlnorm
(Rust)
Jun 21, 2023
xml-rs vulnerable to denial of service via invalid token in XML document
High
CVE-2023-34411
was published
for
xml-rs
(Rust)
Jun 5, 2023
Missing "--allow-net" permission check for built-in Node modules
High
CVE-2023-33966
was published
for
deno
(Rust)
May 31, 2023
Improper handling of NTS cookie length that could crash the ntpd-rs server
High
CVE-2023-33192
was published
for
ntpd
(Rust)
May 25, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization
High
CVE-2023-28446
was published
for
deno
(Rust)
Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
High
GHSA-9qwg-crg9-m2vc
was published
for
openssl
(Rust)
Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
High
GHSA-6hcf-g6gr-hhcr
was published
for
openssl
(Rust)
Mar 24, 2023
Frontier's modexp precompile is slow for even modulus
High
CVE-2023-28431
was published
for
frontier
(Rust)
Mar 21, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
High
GHSA-xr9w-x6gw-c9mj
was published
for
deno
(Rust)
Feb 25, 2023
•
withdrawn
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
High
CVE-2023-0215
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
High
CVE-2023-0216
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex`
High
CVE-2022-4450
was published
for
openssl-src
(Rust)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API