GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
153 advisories
Filter by severity
Deno improperly handles resizable ArrayBuffer
Critical
CVE-2023-28445
was published
for
Deno
(Rust)
Mar 23, 2023
Calculation error in ark-r1cs-std
Critical
CVE-2021-38194
was published
for
ark-r1cs-std
(Rust)
Aug 25, 2021
Read of uninitialized memory in cdr
Critical
CVE-2021-26305
was published
for
cdr
(Rust)
Aug 25, 2021
Deserializing an array can free uninitialized memory in byte_struct
Critical
CVE-2021-28033
was published
for
byte_struct
(Rust)
Aug 25, 2021
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical
CVE-2023-26489
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
Incorrect buffer size calculation in iced-x86
Critical
CVE-2021-38188
was published
for
iced-x86
(Rust)
Aug 25, 2021
SMTP command injection in lettre
Critical
CVE-2021-38189
was published
for
lettre
(Rust)
Jul 12, 2021
Free of uninitialized memory in telemetry
Critical
CVE-2021-29937
was published
for
telemetry
(Rust)
Aug 25, 2021
Out of bounds write in calamine
Critical
CVE-2021-26951
was published
for
calamine
(Rust)
Aug 25, 2021
OS command injection in ripgrep
Critical
CVE-2021-3013
was published
for
grep-cli
(Rust)
Aug 5, 2021
Use of Uninitialized Resource in alg_ds
Critical
CVE-2020-36432
was published
for
alg_ds
(Rust)
Aug 25, 2021
Memory corruption in array-tools
Critical
CVE-2020-36452
was published
for
array-tools
(Rust)
Aug 25, 2021
Use of Uninitialized Resource in libp2p-deflate
Critical
CVE-2020-36443
was published
for
libp2p-deflate
(Rust)
Aug 25, 2021
Out of bounds write in nalgebra
Critical
CVE-2021-38190
was published
for
nalgebra
(Rust)
Aug 25, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
crossbeam-deque Data Race before v0.7.4 and v0.8.1
Critical
CVE-2021-32810
was published
for
crossbeam-deque
(Rust)
Aug 25, 2021
Insecure temporary file usage in SWHKD
Critical
CVE-2022-27818
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Insecure Temporary File in SWHKD
Critical
CVE-2022-27815
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Mar 31, 2022
Fix a use-after-free bug in diesels Sqlite backend
Critical
CVE-2021-28305
was published
for
diesel
(Rust)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API