GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
326 advisories
Remotely exploitable denial of service in Rosenpass (High): GHSA-6ggr-cwv4-g7qg was published for rosenpass (Rust), Dec 21, 2023
Full Table Permissions by Default (High): GHSA-x5fr-7hhj-34j3 was published for surrealdb (Rust), Dec 15, 2023
Candid infinite decoding loop through specially crafted payload (High): CVE-2023-6245 was published for candid (Rust), Dec 8, 2023
Stack consumption in trust-dns-server (High): CVE-2020-35857 was published for trust-dns-server (Rust), Aug 25, 2021
Insufficient covariance check makes self_cell unsound (High): GHSA-48m6-wm5p-rr6h was published for self_cell (Rust), Nov 14, 2023
blurhash panics on parsing crafted inputs (High): CVE-2023-42447 was published for blurhash (Rust), Sep 21, 2023
Cargo not respecting umask when extracting crate archives (High): CVE-2023-38497 was published for cargo (Rust), Aug 3, 2023
xml-rs vulnerable to denial of service via invalid token in XML document (High): CVE-2023-34411 was published for xml-rs (Rust), Jun 5, 2023
urlnorm vulnerable to Regular Expression Denial of Service (High): CVE-2023-33289 was published for urlnorm (Rust), Jun 21, 2023
Incorrect implementation in streebog (High): CVE-2019-25007 was published for streebog (Rust), Aug 25, 2021
Incorrect implementation of the Streebog hash functions in streebog (High): CVE-2019-25006 was published for streebog (Rust), Aug 25, 2021
phonenumber panics on parsing crafted RFC3966 inputs (High): CVE-2023-42444 was published for phonenumber (Rust), Sep 21, 2023
Invalid handling of `X509_verify_cert()` internal errors in libssl (High): CVE-2021-4044 was published for openssl-src (Rust), Dec 15, 2021
lol-html panics on certain HTML inputs (High): CVE-2023-4241 was published for lol-html (Rust), Aug 9, 2023
Pleaser privilege escalation vulnerability (High): CVE-2023-46277 was published for pleaser (Rust), Oct 20, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions (High): CVE-2023-45812 was published for apollo-router (Rust), Oct 19, 2023
twitch-tui's connection is not encrypted (High): CVE-2023-38688 was published for twitch-tui (Rust), Jul 31, 2023
BER/CER/DER decoder panics on invalid input (High): CVE-2023-39914 was published for bcder (Rust), Sep 13, 2023
Denial of Service issue in quinn-proto (High): CVE-2023-42805 was published for quinn-proto (Rust), Sep 21, 2023
Improper handling of NTS cookie length that could crash the ntpd-rs server (High): CVE-2023-33192 was published for ntpd (Rust), May 25, 2023
Missing "--allow-net" permission check for built-in Node modules (High): CVE-2023-33966 was published for deno (Rust), May 31, 2023
Use of Uninitialized Resource in smallvec (High): CVE-2018-25023 was published for smallvec (Rust), Jan 6, 2022
webpki: CPU denial of service in certificate path building (High): GHSA-8qv2-5vq6-g2g7 was published for webpki (Rust), Aug 25, 2023