Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

326 advisories

Loading
Remotely exploitable denial of service in Rosenpass High
GHSA-6ggr-cwv4-g7qg was published for rosenpass (Rust) Dec 21, 2023
Full Table Permissions by Default High
GHSA-x5fr-7hhj-34j3 was published for surrealdb (Rust) Dec 15, 2023
LucyEgan
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
Stack consumption in trust-dns-server High
CVE-2020-35857 was published for trust-dns-server (Rust) Aug 25, 2021
tdunlap607
Insufficient covariance check makes self_cell unsound High
GHSA-48m6-wm5p-rr6h was published for self_cell (Rust) Nov 14, 2023
blurhash panics on parsing crafted inputs High
CVE-2023-42447 was published for blurhash (Rust) Sep 21, 2023
rubdos
Cargo not respecting umask when extracting crate archives High
CVE-2023-38497 was published for cargo (Rust) Aug 3, 2023
addisoncrump pietroalbini
weihanglo ehuss cuviper Manishearth
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
urlnorm vulnerable to Regular Expression Denial of Service High
CVE-2023-33289 was published for urlnorm (Rust) Jun 21, 2023
Incorrect implementation in streebog High
CVE-2019-25007 was published for streebog (Rust) Aug 25, 2021
Incorrect implementation of the Streebog hash functions in streebog High
CVE-2019-25006 was published for streebog (Rust) Aug 25, 2021
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 gferon
Double free in glsl-layout High
CVE-2021-25902 was published for glsl-layout (Rust) Aug 25, 2021
Invalid handling of `X509_verify_cert()` internal errors in libssl High
CVE-2021-4044 was published for openssl-src (Rust) Dec 15, 2021
pinkforest
lol-html panics on certain HTML inputs High
CVE-2023-4241 was published for lol-html (Rust) Aug 9, 2023
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
zola Path Traversal vulnerability High
CVE-2023-40274 was published for zola (Rust) Aug 14, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions High
CVE-2023-45812 was published for apollo-router (Rust) Oct 19, 2023
garypen BrynCooke
BryanBarron jasonbarnett667 shorgi
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
BER/CER/DER decoder panics on invalid input High
CVE-2023-39914 was published for bcder (Rust) Sep 13, 2023
Denial of Service issue in quinn-proto High
CVE-2023-42805 was published for quinn-proto (Rust) Sep 21, 2023
QUICTester
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
Use of Uninitialized Resource in smallvec High
CVE-2018-25023 was published for smallvec (Rust) Jan 6, 2022
tdunlap607
webpki: CPU denial of service in certificate path building High
GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust) Aug 25, 2023
nipunn1313 phil-opp
ProTip! Advisories are also available from the GraphQL API