GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
781 advisories
Filter by severity
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
GHSA-4grx-2x9w-596c
was published
for
rsa
(Rust)
Nov 28, 2023
`openssl` `X509StoreRef::objects` is unsound
Moderate
GHSA-xphf-cx8h-7q9g
was published
for
openssl
(Rust)
Nov 28, 2023
Insufficient covariance check makes self_cell unsound
High
GHSA-48m6-wm5p-rr6h
was published
for
self_cell
(Rust)
Nov 14, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Low
GHSA-j57r-4qw6-58r3
was published
for
rusty-paseto
(Rust)
Nov 7, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Moderate
CVE-2023-46135
was published
for
stellar-strkey
(Rust)
Oct 25, 2023
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Moderate
GHSA-6878-6wc2-pf5h
was published
for
cocoon
(Rust)
Oct 24, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
High
CVE-2023-46115
was published
for
@tauri-apps/cli
(npm)
Oct 20, 2023
Pleaser privilege escalation vulnerability
High
CVE-2023-46277
was published
for
pleaser
(Rust)
Oct 20, 2023
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
High
CVE-2023-45812
was published
for
apollo-router
(Rust)
Oct 19, 2023
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Moderate
GHSA-c827-hfw6-qwvm
was published
for
rustix
(Rust)
Oct 18, 2023
gix-transport code execution vulnerability
Moderate
GHSA-rrjw-j4m2-mf34
was published
for
gix-transport
(Rust)
Sep 25, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
Denial of Service issue in quinn-proto
High
CVE-2023-42805
was published
for
quinn-proto
(Rust)
Sep 21, 2023
phonenumber panics on parsing crafted RFC3966 inputs
High
CVE-2023-42444
was published
for
phonenumber
(Rust)
Sep 21, 2023
blurhash panics on parsing crafted inputs
High
CVE-2023-42447
was published
for
blurhash
(Rust)
Sep 21, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
BER/CER/DER decoder panics on invalid input
High
CVE-2023-39914
was published
for
bcder
(Rust)
Sep 13, 2023
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
Inventory exposes reference to non-Sync data to an arbitrary thread
Moderate
GHSA-36xm-35qq-795w
was published
for
inventory
(Rust)
Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer
Moderate
GHSA-jcr6-4frq-9gjj
was published
for
users
(Rust)
Sep 11, 2023
ProTip!
Advisories are also available from the
GraphQL API