
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

261 advisories

openssl-src NULL pointer Dereference in signature_algorithms processing Moderate
CVE-2021-3449 was published for openssl-src (Rust) Aug 25, 2021
another-rex
Multiple soundness issues in lexical Moderate
GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) Sep 4, 2023
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value` Moderate
GHSA-5m39-wx2q-mxg3 was published for lzf (Rust) Nov 8, 2022
mail-internals use-after-free vulnerability in `vec_insert_bytes` Moderate
GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) Aug 24, 2023
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
`ed25519-dalek` Double Public Key Signing Function Oracle Attack Moderate
GHSA-w5vr-6qhr-36cc was published for ed25519-dalek (Rust) Aug 14, 2023
Cargo extracting malicious crates can fill the file system Moderate
CVE-2022-36114 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
impl `FromMdbValue` for bool is unsound Moderate
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) Jul 19, 2023
Transaction validity oversight in pallet-ethereum Moderate
CVE-2021-39193 was published for frontier (Rust) Sep 1, 2021
NULL pointer dereference in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new` Moderate
GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) Jun 22, 2023
Race condition in tokio Moderate
CVE-2021-38191 was published for tokio (Rust) Aug 25, 2021
Improper `Sync` implementation on `FuturesUnordered` in futures-util can cause data corruption Moderate
CVE-2020-35908 was published for futures-util (Rust) May 24, 2022
`openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) Jun 21, 2023
memoffset allows reading uninitialized memory Moderate
GHSA-wfg4-322g-9vqv was published for memoffset (Rust) Jun 21, 2023
Ouroboros is Unsound Moderate
GHSA-87mf-9wg6-ppf8 was published for ouroboros (Rust) Jun 12, 2023
`net2` invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35919 was published for net2 (Rust) May 24, 2022
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime Moderate
CVE-2021-39218 was published for wasmtime (Rust) Sep 20, 2021
cfallin fitzgen
Wrong type for `Linker`-define functions when used across two `Engine`s Moderate
CVE-2021-39219 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton
Use after free passing `externref`s to Wasm in Wasmtime Moderate
CVE-2021-39216 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton fitzgen
cfallin
Data races in try-mutex Moderate
CVE-2020-35924 was published for try-mutex (Rust) Aug 25, 2021
Data race in va-ts Moderate
CVE-2020-36220 was published for va-ts (Rust) Aug 25, 2021
`temporary` makes use of uninitialized memory Moderate
GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) Aug 11, 2022