GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
Use after free in libpulse-binding
Moderate
CVE-2018-25001
was published
for
libpulse-binding
(Rust)
Aug 30, 2021
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
High
GHSA-22q8-ghmq-63vf
was published
for
libgit2-sys
(Rust)
Feb 12, 2024
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
serde-json-wasm stack overflow during recursive JSON parsing
High
GHSA-rr69-rxr6-8qwf
was published
for
serde-json-wasm
(Rust)
Feb 9, 2024
Svix vulnerable to improper comparison of different-length signatures
Moderate
GHSA-w277-wpqf-rcfv
was published
for
svix
(Rust)
Feb 6, 2024
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical
CVE-2022-4203
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
High
CVE-2023-0216
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex`
High
CVE-2022-4450
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key
High
CVE-2023-0217
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification
High
CVE-2023-0401
was published
for
openssl-src
(Rust)
Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels
High
CVE-2023-0286
was published
for
cryptography
(pip)
Feb 8, 2023
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
High
CVE-2022-3358
was published
for
openssl-src
(Rust)
Oct 11, 2022
Nervos CKB Permit load cell data from memory
Moderate
GHSA-29c2-65rj-h343
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Moderate
GHSA-h4c3-5275-vrmg
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Critical
GHSA-q73f-w3h7-7wcc
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Snappy decompress length can be very large and causes out of memory error
High
GHSA-3gjh-29fv-8hr6
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Panic on malformed input
High
GHSA-wjxc-pjx9-4wvm
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB node panics when processing a block which parent timestamp is too new
High
GHSA-hjqq-29pw-96wj
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Moderate
GHSA-r9rv-9mh8-pxf4
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Low
GHSA-pr39-8257-fxc2
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference
Moderate
GHSA-q669-2vfg-cxcg
was published
for
ckb
(Rust)
Feb 2, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
ProTip!
Advisories are also available from the
GraphQL API