Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

326 advisories

Loading
Data races in v9 High
GHSA-pfjq-935c-4895 was published for v9 (Rust) Aug 25, 2021
Integer underflow in untrusted High
CVE-2018-20989 was published for untrusted (Rust) Aug 25, 2021
Uncontrolled recursion in trust-dns-proto High
CVE-2018-20994 was published for trust-dns-proto (Rust) Aug 25, 2021
Out-of-bounds Write in vec-const High
CVE-2021-45680 was published for vec-const (Rust) Jan 6, 2022
Uncontrolled recursion in rust-yaml High
CVE-2018-20993 was published for yaml-rust (Rust) Aug 25, 2021
Data race in abox High
CVE-2020-36441 was published for abox (Rust) Aug 25, 2021
tower-http's improper validation of Windows paths could lead to directory traversal attack High
GHSA-qrqq-9c63-xfrg was published for tower-http (Rust) Aug 11, 2022
Data races in ticketed_lock High
CVE-2020-36439 was published for ticketed_lock (Rust) Aug 25, 2021
Data race in tiny_future High
CVE-2020-36438 was published for tiny_future (Rust) Aug 25, 2021
Links in archive can create arbitrary directories High
CVE-2021-38511 was published for tar (Rust) Aug 25, 2021
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate) High
GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust) Jun 17, 2022
Race Condition in tokio High
CVE-2021-45710 was published for tokio (Rust) Jan 6, 2022
Excessive memory usage in tokio-rustls High
CVE-2020-35875 was published for tokio-rustls (Rust) Aug 25, 2021
Use after free in string-interner High
CVE-2019-16882 was published for string-interner (Rust) Aug 25, 2021
tdunlap607
Arbitrary file overwrite in tar-rs High
CVE-2018-20990 was published for tar (Rust) Aug 25, 2021
tdunlap607
Data races in ticketed_lock High
GHSA-gq4h-f254-7cw9 was published for ticketed_lock (Rust) Aug 25, 2021
Data race in syncpool High
CVE-2020-36462 was published for syncpool (Rust) Aug 25, 2021
Data races in tiny_future High
GHSA-m296-j53x-xv95 was published for tiny_future (Rust) Aug 25, 2021
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state` High
GHSA-3pp4-64mp-9cg9 was published for tremor-script (Rust) Jun 17, 2022
Use After Free in tremor-script High
CVE-2021-45702 was published for tremor-script (Rust) Jan 6, 2022
Out of bounds write in serde_cbor High
CVE-2019-25001 was published for serde_cbor (Rust) Aug 25, 2021
tdunlap607
SyncChannel<T> can move 'T: !Send' to other threads High
GHSA-8892-84wf-cg8f was published for signal-simple (Rust) Aug 25, 2021
Out of bounds read in simd-json High
CVE-2019-15550 was published for simd-json (Rust) Aug 25, 2021
Slock<T> allows sending non-Send types across thread boundaries High
GHSA-83r8-p8v6-6gfm was published for slock (Rust) Aug 25, 2021
Out of bounds write in stackvector High
CVE-2021-29939 was published for stackvector (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API