GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
781 advisories
Filter by severity
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Moderate
GHSA-8r5v-vm4m-4g25
was published
for
h2
(Rust)
Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception in surrealdb
Moderate
GHSA-jm4v-58r5-66hj
was published
for
surrealdb
(Rust)
Jan 18, 2024
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Rust EVM erroneousle handles `record_external_operation` error return
Moderate
CVE-2024-21629
was published
for
evm
(Rust)
Jan 3, 2024
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
Remotely exploitable denial of service in Rosenpass
High
GHSA-6ggr-cwv4-g7qg
was published
for
rosenpass
(Rust)
Dec 21, 2023
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Moderate
GHSA-r24f-hg58-vfrw
was published
for
unsafe-libyaml
(Rust)
Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
Zerocopy: Some Ref methods are unsound with some type parameters
Moderate
GHSA-rjhf-4mh8-9xjq
was published
for
zerocopy
(Rust)
Dec 18, 2023
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
Full Table Permissions by Default
High
GHSA-x5fr-7hhj-34j3
was published
for
surrealdb
(Rust)
Dec 15, 2023
Unbounded queuing of path validation messages in cloudflare-quiche
Moderate
CVE-2023-6193
was published
for
quiche
(Rust)
Dec 13, 2023
Wasmer filesystem sandbox not enforced
High
CVE-2023-51661
was published
for
wasmer-cli
(Rust)
Dec 13, 2023
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
Environment variables still accessible through /proc
Moderate
GHSA-wj7f-468m-6mv8
was published
for
birdcage
(Rust)
Dec 1, 2023
ProTip!
Advisories are also available from the
GraphQL API