Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Loading
Use of Uninitialized Resource in messagepack-rs Critical
CVE-2021-45691 was published for messagepack-rs (Rust) Jan 6, 2022
Use of Uninitialized Resource in messagepack-rs. Critical
CVE-2021-45692 was published for messagepack-rs (Rust) Jan 6, 2022
Use of Uninitialized Resource in gfx-auxil Critical
CVE-2021-45689 was published for gfx-auxil (Rust) Jan 6, 2022
Use of Uninitialized Resource in messagepack-rs. Critical
CVE-2021-45690 was published for messagepack-rs (Rust) Jan 6, 2022
Incorrect reliance on Trait memory layout in mopa Critical
CVE-2021-45695 was published for mopa (Rust) Jan 6, 2022
RPC call failure in ckb Critical
CVE-2021-45698 was published for ckb (Rust) Jan 6, 2022
The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule. Critical
CVE-2021-45697 was published for molecule (Rust) Jan 6, 2022
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
Use After Free in tremor-script Critical
CVE-2021-45701 was published for tremor-script (Rust) Jan 6, 2022
Use of Uninitialized Resource in tectonic_xdv Critical
CVE-2021-45703 was published for tectonic_xdv (Rust) Jan 6, 2022
Pointer dereference in nanorand Critical
CVE-2021-45705 was published for nanorand (Rust) Jan 6, 2022
Memory flaw in zeroize_derive Critical
CVE-2021-45706 was published for zeroize_derive (Rust) Jan 6, 2022
KamilaBorowska
Use of a Broken or Risky Cryptographic Algorithm in crypto2 Critical
CVE-2021-45709 was published for crypto2 (Rust) Jan 6, 2022
Deno's static imports inside dynamically imported modules do not adhere to permission checks Critical
CVE-2021-32619 was published for deno (Rust) Sep 23, 2021
nayeemrmn
Drop of uninitialized memory in stack_dst Critical
CVE-2021-28035 was published for stack_dst (Rust) Sep 1, 2021
Double free in stack_dst Critical
CVE-2021-28034 was published for stack_dst (Rust) Sep 1, 2021
Double free in toodee Critical
CVE-2021-28028 was published for toodee (Rust) Sep 1, 2021
Process crashes when the cell used as DepGroup is not alive Critical
GHSA-45p7-c959-rgcm was published for ckb (Rust) Aug 25, 2021
crossbeam-deque Data Race before v0.7.4 and v0.8.1 Critical
CVE-2021-32810 was published for crossbeam-deque (Rust) Aug 25, 2021
kmaork
Use of Uninitialized Resource in alg_ds Critical
CVE-2020-36432 was published for alg_ds (Rust) Aug 25, 2021
Use of Uninitialized Resource in libp2p-deflate Critical
CVE-2020-36443 was published for libp2p-deflate (Rust) Aug 25, 2021
Buffer overflow and format vulnerabilities in ncurses Critical
CVE-2019-15548 was published for ncurses (Rust) Aug 25, 2021
Double free in sys-info Critical
CVE-2020-36434 was published for sys-info (Rust) Aug 25, 2021
Memory corruption in array-tools Critical
CVE-2020-36452 was published for array-tools (Rust) Aug 25, 2021
Unaligned memory access in rand_core Critical
CVE-2020-25576 was published for rand_core (Rust) Aug 25, 2021
rillian
ProTip! Advisories are also available from the GraphQL API