GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate
GHSA-wwh2-r387-g5rm
was published
for
tower-http
(Rust)
Jun 17, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
HTTP Request smuggling in tiny_http
Moderate
CVE-2020-35884
was published
for
tiny_http
(Rust)
Aug 25, 2021
Uncontrolled recursion leads to abort in deserialization
Moderate
GHSA-39vw-qp34-rmwf
was published
for
serde_yaml
(Rust)
Aug 25, 2021
scalarmult() vulnerable to degenerate public keys
Moderate
CVE-2017-1000168
was published
for
sodiumoxide
(Rust)
Aug 25, 2021
Unchecked vector pre-allocation
Moderate
GHSA-mcrf-7hf9-f6q5
was published
for
rmpv
(Rust)
Aug 25, 2021
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Moderate
GHSA-969w-q74q-9j8v
was published
for
secp256k1
(Rust)
Dec 8, 2022
Panic on incorrect date input to `simple_asn1`
Moderate
GHSA-3m6f-3gfg-4x56
was published
for
simple_asn1
(Rust)
Jun 17, 2022
Improper Certificate Validation in security-framework
Moderate
CVE-2017-18588
was published
for
security-framework
(Rust)
Aug 25, 2021
Error on unsupported architectures in raw-cpuid
Moderate
CVE-2021-26307
was published
for
raw-cpuid
(Rust)
Aug 25, 2021
Optional `Deserialize` implementations lacking validation
Moderate
GHSA-jf5h-cf95-w759
was published
for
raw-cpuid
(Rust)
Jun 17, 2022
insert_slice_clone can double drop if Clone panics.
Moderate
CVE-2021-26954
was published
for
qwutils
(Rust)
May 24, 2022
Improper random number generation in nanorand
Moderate
CVE-2020-35926
was published
for
nanorand
(Rust)
Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators
Moderate
CVE-2020-35923
was published
for
ordered-float
(Rust)
Aug 25, 2021
mio invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35922
was published
for
mio
(Rust)
Aug 25, 2021
miow invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35921
was published
for
miow
(Rust)
Aug 25, 2021
Aliased mutable references from `tls_rand` & `TlsWyRand`
Moderate
GHSA-p6gj-gpc8-f8xw
was published
for
nanorand
(Rust)
Jun 17, 2022
Mutable reference with immutable provenance in image
Moderate
CVE-2020-35916
was published
for
image
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API