GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
`libsqlite3-sys` via C SQLite improperly validates array index
High
CVE-2022-35737
was published
for
libsqlite3-sys
(Rust)
Aug 4, 2022
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High
CVE-2024-27935
was published
for
deno
(Rust)
Mar 5, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Moderate
CVE-2024-27932
was published
for
deno
(Rust)
Mar 6, 2024
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Moderate
CVE-2022-31104
was published
for
cranelift-codegen
(Rust)
Jun 29, 2022
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Moderate
CVE-2024-1765
was published
for
quiche
(Rust)
Mar 13, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
Mio's tokens for named pipes may be delivered after deregistration
High
CVE-2024-27308
was published
for
mio
(Rust)
Mar 4, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
*const c_void / ExternalPointer unsoundness leading to use-after-free
Moderate
CVE-2024-27934
was published
for
Deno
(Rust)
Mar 6, 2024
eza Potential Heap Overflow Vulnerability for AArch64
High
CVE-2024-25817
was published
for
eza
(Rust)
Feb 8, 2024
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64
Moderate
GHSA-3xc6-7h59-j2x4
was published
for
eza
(Rust)
Mar 6, 2024
•
withdrawn
Insufficient permission checking in `Deno.makeTemp*` APIs
Moderate
CVE-2024-27931
was published
for
deno
(Rust)
Mar 5, 2024
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
Externally Controlled Format String in Scripting Functions
High
GHSA-q3gg-m8hr-h4x4
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception in Macro Expecting Native Function to Exist
Moderate
GHSA-6wr5-jmpr-mjcx
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception Handling Parsing Errors on Line Terminators
Moderate
GHSA-8xff-473h-f863
was published
for
surrealdb
(Rust)
Feb 21, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
socket2 invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35920
was published
for
net2
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API