Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

782 advisories

Loading
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ( `read_entry()` ) High
GHSA-p56p-gq3f-whg8 was published for flumedb (Rust) Jun 16, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-8gj8-hv75-gp94 was published for crossbeam (Rust) Jun 16, 2022
vec-const attempts to construct a Vec from a pointer to a const slice Moderate
GHSA-jmwx-r3gq-qq3p was published for vec-const (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
Use After Free in Context::start_auth_session Moderate
GHSA-w3vw-ccc5-qr8v was published for tss-esapi (Rust) Jun 17, 2022
Miscomputation when performing AES encryption in rust-crypto Critical
GHSA-jp3w-3q88-34cf was published for rust-crypto (Rust) Jun 17, 2022
Potential segfault in `localtime_r` invocations Moderate
GHSA-cqpr-pcm7-m3jc was published for chrono (Rust) Jun 16, 2022 withdrawn
KamilaBorowska penberg
mz-avro's incorrect use of `set_len` allows for un-initialized memory Moderate
GHSA-jwh2-vrr9-vcp2 was published for mz-avro (Rust) Aug 30, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation Moderate
GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) Aug 30, 2022
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
ansi_term is Unmaintained Low
GHSA-74w3-p89x-ffgh was published for ansi_term (Rust) Sep 16, 2022 withdrawn
kornelski Emilgardis
Creator Verification Error when Bubblegum Activate High
GHSA-8r76-fr72-j32w was published for mpl-bubblegum (Rust) Dec 12, 2022
Candy Machine Set Collection During Mint Missing Check Moderate
GHSA-9v25-r5q2-2p6w was published for mpl-candy-machine (Rust) Dec 12, 2022
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()` Moderate
GHSA-f85w-wvc7-crwc was published for bumpalo (Rust) Jan 20, 2023
ELF header parsing library doesn't check for valid offset Moderate
GHSA-g6pw-999w-j75m was published for elf_rs (Rust) Jan 20, 2023
git2-rs fails to verify SSH keys by default Moderate
GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) Jan 20, 2023
Data race in disrustor Moderate
CVE-2020-36470 was published for disrustor (Rust) Aug 25, 2021
J3rry-1729
Memory access due to code generation flaw in Cranelift module High
CVE-2021-32629 was published for cranelift-codegen (Rust) Aug 25, 2021
Out of bounds read in simple-slab Critical
CVE-2020-35892 was published for simple-slab (Rust) Aug 25, 2021
Use-after-free in actix-codec Critical
CVE-2020-35902 was published for actix-codec (Rust) Aug 25, 2021
Access of Uninitialized Pointer in linked-hash-map Critical
CVE-2020-25573 was published for linked-hash-map (Rust) Aug 25, 2021
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021
Memory flaw in zeroize_derive Critical
CVE-2021-45706 was published for zeroize_derive (Rust) Jan 6, 2022
KamilaBorowska
ProTip! Advisories are also available from the GraphQL API