GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
276 advisories
odoh-rs's Invalid Slice Split Results in Server Panic
Moderate | CVE-2023-3766 was published for odoh-rs (Rust) | Aug 3, 2023

impl `FromMdbValue` for bool is unsound
Moderate | GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) | Jul 19, 2023

libostree vulnerable to denial of service attack
Moderate | CVE-2022-47085 was published for ostree (Rust) | Jul 18, 2023

s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Moderate | GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) | Jun 30, 2023

cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Moderate | GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) | Jun 22, 2023

`openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate | GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) | Jun 21, 2023

memoffset allows reading uninitialized memory
Moderate | GHSA-wfg4-322g-9vqv was published for memoffset (Rust) | Jun 21, 2023

Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles
Moderate | CVE-2023-34460 was published for tauri (Rust) | Jun 21, 2023

ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Moderate | CVE-2023-34449 was published for ink (Rust) | Jun 14, 2023

trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Moderate | GHSA-5fm9-h728-fwpj was published for trust-dns-server (Rust) | Jun 6, 2023

sccache vulnerable to privilege escalation if server is run as root
Moderate | CVE-2023-1521 was published for sccache (Rust) | May 30, 2023

Stored cross site scripting in Microbin
Moderate | CVE-2023-27075 was published for microbin (Rust) | May 4, 2023

Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Moderate | CVE-2023-31134 was published for tauri (Rust) | May 3, 2023

AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
Moderate | CVE-2023-30610 was published for aws-sigv4 (Rust) | Apr 26, 2023

Adverserial use of `make_bitflags!` macro can cause undefined behavior
Moderate | GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust) | Apr 24, 2023

Parsing borsh messages with ZST which are not-copy/clone is unsound
Moderate | GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) | Apr 17, 2023

ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
Moderate | GHSA-fq33-vmhv-48xh was published for ntru (Rust) | Apr 7, 2023

spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Moderate | GHSA-2qv5-7mw5-j3cg was published for spin (Rust) | Apr 3, 2023

Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate | CVE-2023-26103 was published for deno (Rust) | Apr 3, 2023

Comrak AST node data is not validated (GHSL-2023-049)
Moderate | CVE-2023-28631 was published for comrak (Rust) | Mar 28, 2023

Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Moderate | GHSA-xxmq-4vph-956w was published for comrak (Rust) | Mar 28, 2023

Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Moderate | CVE-2023-28626 was published for comrak (Rust) | Mar 28, 2023

NATS TLS certificate common name validation bypass
Moderate | GHSA-wvc4-j7g5-4f79 was published for nats (Rust) | Mar 27, 2023

ProTip! Advisories are also available from the GraphQL API