GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
261 advisories
openssl-src NULL pointer Dereference in signature_algorithms processing
Moderate | CVE-2021-3449 was published for openssl-src (Rust) | Aug 25, 2021
Multiple soundness issues in lexical
Moderate | GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) | Sep 4, 2023
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
Moderate | GHSA-5m39-wx2q-mxg3 was published for lzf (Rust) | Nov 8, 2022
mail-internals use-after-free vulnerability in `vec_insert_bytes`
Moderate | GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) | Aug 24, 2023
Unsafe parsing in SWHKD
Moderate | CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) | Apr 8, 2022
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Moderate | GHSA-w5vr-6qhr-36cc was published for ed25519-dalek (Rust) | Aug 14, 2023
Cargo extracting malicious crates can fill the file system
Moderate | CVE-2022-36114 was published for cargo (Rust) | Sep 16, 2022
impl `FromMdbValue` for bool is unsound
Moderate | GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) | Jul 19, 2023
Transaction validity oversight in pallet-ethereum
Moderate | CVE-2021-39193 was published for frontier (Rust) | Sep 1, 2021
NULL pointer dereference in `stb_image`
Moderate | GHSA-ppjr-267j-5p9x was published for stb_image (Rust) | Mar 20, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Moderate | GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) | Jun 30, 2023
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Moderate | GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) | Jun 22, 2023
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Moderate | CVE-2020-35908 was published for futures-util (Rust) | May 24, 2022
`openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate | GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) | Jun 21, 2023
memoffset allows reading uninitialized memory
Moderate | GHSA-wfg4-322g-9vqv was published for memoffset (Rust) | Jun 21, 2023
`net2` invalidly assumes the memory layout of std::net::SocketAddr
Moderate | CVE-2020-35919 was published for net2 (Rust) | May 24, 2022
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Moderate | CVE-2021-39218 was published for wasmtime (Rust) | Sep 20, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s
Moderate | CVE-2021-39219 was published for wasmtime (Rust) | Sep 20, 2021
Use after free passing `externref`s to Wasm in Wasmtime
Moderate | CVE-2021-39216 was published for wasmtime (Rust) | Sep 20, 2021
`temporary` makes use of uninitialized memory
Moderate | GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) | Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API.