Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

782 advisories

Loading
Use after free in libpulse-binding Moderate
CVE-2018-25001 was published for libpulse-binding (Rust) Aug 30, 2021
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2 High
GHSA-22q8-ghmq-63vf was published for libgit2-sys (Rust) Feb 12, 2024
Unauthenticated Nonce Increment in snow Moderate
GHSA-7g9j-g5jg-3vv3 was published for snow (Rust) Jan 24, 2024
serde-json-wasm stack overflow during recursive JSON parsing High
GHSA-rr69-rxr6-8qwf was published for serde-json-wasm (Rust) Feb 9, 2024
Svix vulnerable to improper comparison of different-length signatures Moderate
GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024
openssl-src subject to Timing Oracle in RSA Decryption Moderate
CVE-2022-4304 was published for openssl-src (Rust) Feb 8, 2023
another-rex
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions High
CVE-2023-0216 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex` High
CVE-2022-4450 was published for openssl-src (Rust) Feb 8, 2023
michaelkedar
openssl-src subject to NULL dereference validating DSA public key High
CVE-2023-0217 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification High
CVE-2023-0401 was published for openssl-src (Rust) Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
ehe9991
Using a Custom Cipher with `NID_undef` may lead to NULL encryption High
CVE-2022-3358 was published for openssl-src (Rust) Oct 11, 2022
Nervos CKB Permit load cell data from memory Moderate
GHSA-29c2-65rj-h343 was published for ckb (Rust) Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics Moderate
GHSA-h4c3-5275-vrmg was published for ckb (Rust) Feb 3, 2024
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result Critical
GHSA-q73f-w3h7-7wcc was published for ckb (Rust) Feb 3, 2024
Nervos CKB Snappy decompress length can be very large and causes out of memory error High
GHSA-3gjh-29fv-8hr6 was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB Panic on malformed input High
GHSA-wjxc-pjx9-4wvm was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB node panics when processing a block which parent timestamp is too new High
GHSA-hjqq-29pw-96wj was published for ckb (Rust) Feb 2, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block Moderate
GHSA-r9rv-9mh8-pxf4 was published for ckb (Rust) Feb 2, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP Low
GHSA-pr39-8257-fxc2 was published for ckb (Rust) Feb 2, 2024
Nervos CKB P2P DoS Attacks Critical
GHSA-84x2-2qv6-qg56 was published for ckb (Rust) Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference Moderate
GHSA-q669-2vfg-cxcg was published for ckb (Rust) Feb 2, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
ProTip! Advisories are also available from the GraphQL API