GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
scalarmult() vulnerable to degenerate public keys
Moderate
CVE-2017-1000168
was published
for
sodiumoxide
(Rust)
Aug 25, 2021
use-after-free vulnerability in Rust array-queue
Moderate
CVE-2020-35900
was published
for
array-queue
(Rust)
Aug 25, 2021
Partial read is incorrect in molecule
Moderate
GHSA-82hm-vh7g-hrh9
was published
for
molecule
(Rust)
Aug 25, 2021
Observable Discrepancy in libsecp256k1-rs
Moderate
CVE-2019-20399
was published
for
libsecp256k1-rs
(Rust)
Aug 25, 2021
Use after free in libpulse-binding
Moderate
CVE-2018-25001
was published
for
libpulse-binding
(Rust)
Aug 30, 2021
Transaction validity oversight in pallet-ethereum
Moderate
CVE-2021-39193
was published
for
frontier
(Rust)
Sep 1, 2021
Memory Safety Issue when using patch or merge on state and assign the result back to state
Moderate
CVE-2021-39228
was published
for
tremor-script
(Rust)
Sep 20, 2021
Use after free passing `externref`s to Wasm in Wasmtime
Moderate
CVE-2021-39216
was published
for
wasmtime
(Rust)
Sep 20, 2021
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Moderate
CVE-2021-39218
was published
for
wasmtime
(Rust)
Sep 20, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s
Moderate
CVE-2021-39219
was published
for
wasmtime
(Rust)
Sep 20, 2021
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-26281
was published
for
async-h1
(Rust)
Oct 12, 2021
Validity check missing in Frontier
Moderate
CVE-2021-41138
was published
for
Frontier
(Rust)
Oct 13, 2021
Unexpected panics in num-bigint
Moderate
GHSA-v935-pqmr-g8v9
was published
for
num-bigint
(Rust)
Nov 3, 2021
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Integer underflow in Frontier
Moderate
CVE-2022-21685
was published
for
frontier
(Rust)
Jan 14, 2022
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Moderate
CVE-2022-23636
was published
for
wasmtime
(Rust)
Feb 16, 2022
Unsafe parsing in SWHKD
Moderate
CVE-2022-27819
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Moderate
CVE-2022-27817
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate
CVE-2022-1434
was published
for
openssl-src
(Rust)
May 4, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate
Moderate
CVE-2022-1343
was published
for
openssl-src
(Rust)
May 4, 2022
Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain
Moderate
CVE-2020-12439
was published
for
grin
(Rust)
May 24, 2022
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
MutexGuard::map can cause a data race in safe code
Moderate
CVE-2020-35905
was published
for
futures-util
(Rust)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API