GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
326 advisories
Filter by severity
Uncontrolled recursion in trust-dns-proto
High
CVE-2018-20994
was published
for
trust-dns-proto
(Rust)
Aug 25, 2021
Uncontrolled recursion in rust-yaml
High
CVE-2018-20993
was published
for
yaml-rust
(Rust)
Aug 25, 2021
tower-http's improper validation of Windows paths could lead to directory traversal attack
High
GHSA-qrqq-9c63-xfrg
was published
for
tower-http
(Rust)
Aug 11, 2022
Links in archive can create arbitrary directories
High
CVE-2021-38511
was published
for
tar
(Rust)
Aug 25, 2021
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
High
GHSA-6692-8qqf-79jc
was published
for
tectonic_xdv
(Rust)
Jun 17, 2022
Excessive memory usage in tokio-rustls
High
CVE-2020-35875
was published
for
tokio-rustls
(Rust)
Aug 25, 2021
Use after free in string-interner
High
CVE-2019-16882
was published
for
string-interner
(Rust)
Aug 25, 2021
Data races in ticketed_lock
High
GHSA-gq4h-f254-7cw9
was published
for
ticketed_lock
(Rust)
Aug 25, 2021
Data races in tiny_future
High
GHSA-m296-j53x-xv95
was published
for
tiny_future
(Rust)
Aug 25, 2021
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
High
GHSA-3pp4-64mp-9cg9
was published
for
tremor-script
(Rust)
Jun 17, 2022
Use After Free in tremor-script
High
CVE-2021-45702
was published
for
tremor-script
(Rust)
Jan 6, 2022
Out of bounds write in serde_cbor
High
CVE-2019-25001
was published
for
serde_cbor
(Rust)
Aug 25, 2021
SyncChannel<T> can move 'T: !Send' to other threads
High
GHSA-8892-84wf-cg8f
was published
for
signal-simple
(Rust)
Aug 25, 2021
Slock<T> allows sending non-Send types across thread boundaries
High
GHSA-83r8-p8v6-6gfm
was published
for
slock
(Rust)
Aug 25, 2021
Out of bounds write in stackvector
High
CVE-2021-29939
was published
for
stackvector
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API