GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
Array size is not checked in sized-chunks
High
CVE-2020-25793
was published
for
sized-chunks
(Rust)
Aug 25, 2021
Multiple memory safety issues in actix-web
Moderate
GHSA-w65j-g6c7-g3m4
was published
for
actix-web
(Rust)
Aug 25, 2021
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
High
GHSA-j35p-q24r-5367
was published
for
ckb
(Rust)
Apr 22, 2022
Relative Path Traversal in afire serve_static
High
GHSA-3227-r97m-8j95
was published
for
afire
(Rust)
Apr 22, 2022
traitobject is Unmaintained
Critical
GHSA-pp8r-vv2j-9j5v
was published
for
traitobject
(Rust)
Sep 16, 2022
wee_alloc is Unmaintained
Critical
GHSA-rc23-xxgq-x27g
was published
for
wee_alloc
(Rust)
Sep 16, 2022
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Moderate
GHSA-p75v-367r-2v23
was published
for
cell-project
(Rust)
Sep 16, 2022
mozjpeg DecompressScanlines::read_scanlines is Unsound
High
GHSA-v8gq-5grq-9728
was published
for
mozjpeg
(Rust)
Sep 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings
Moderate
GHSA-rwf4-gx62-rqfw
was published
for
crossbeam
(Rust)
Jun 8, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
High
GHSA-qgrp-8f3v-q85p
was published
for
arrow
(Rust)
Jun 16, 2022
`array!` macro is unsound when its length is impure constant
Moderate
GHSA-7v4j-8wvr-v55r
was published
for
array-macro
(Rust)
Jun 16, 2022
`BinaryArray` does not perform bound checks on reading values and offsets
High
GHSA-r7cj-wmwv-hfw5
was published
for
arrow
(Rust)
Jun 16, 2022
Library exclusively intended to obfuscate code.
Moderate
GHSA-gfg9-x6px-r7gr
was published
for
plutonium
(Rust)
Jun 16, 2022
Threshold value is ignored (all shares are n=3)
Low
GHSA-978j-88f3-p5j3
was published
for
shamir
(Rust)
Jun 17, 2022
Arrow2 allows double free in `safe` code
High
GHSA-5j8w-r7g8-5472
was published
for
arrow2
(Rust)
Jun 16, 2022
Delegate functions are missing `Send` bound
Critical
GHSA-x4mq-m75f-mx8m
was published
for
windows
(Rust)
Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
AtomicBucket<T> unconditionally implements Send/Sync
Moderate
GHSA-3hxh-7jxm-59x4
was published
for
metrics-util
(Rust)
Jun 17, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate
GHSA-2226-4v3c-cff8
was published
for
rustc-serialize
(Rust)
Jun 17, 2022
Parser creates invalid uninitialized value
High
GHSA-f67m-9j94-qv9j
was published
for
hyper
(Rust)
Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
High
GHSA-qj69-c89v-jwq2
was published
for
ash
(Rust)
Jun 16, 2022
`SegQueue` creates zero value of any type
Moderate
GHSA-6888-wf7j-34jq
was published
for
crossbeam-queue
(Rust)
Jun 16, 2022
Channel creates zero value of any type
High
GHSA-9g55-pg62-m8hh
was published
for
crossbeam-channel
(Rust)
Jun 16, 2022
ProTip!
Advisories are also available from the
GraphQL API