GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
276 advisories
`openssl` `X509NameBuilder::build` returned object is not thread safe
Moderate: GHSA-3gxf-9r58-2ghg was published for openssl (Rust) on Mar 24, 2023

Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Moderate: CVE-2023-28448 was published for versionize (Rust) on Mar 24, 2023

async-nats vulnerable to TLS certificate common name validation bypass
Moderate: GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust) on Mar 24, 2023

`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
Moderate: GHSA-255r-3prx-mf99 was published for rmp-serde (Rust) on Mar 22, 2023

NULL pointer dereference in `stb_image`
Moderate: GHSA-ppjr-267j-5p9x was published for stb_image (Rust) on Mar 20, 2023

russh may use insecure Diffie-Hellman keys
Moderate: CVE-2023-28113 was published for russh (Rust) on Mar 17, 2023

`out_reference::Out::from_raw` should be `unsafe`
Moderate: GHSA-p7mj-xvxg-grff was published for out-reference (Rust) on Mar 13, 2023

Maligned causes incorrect deallocation
Moderate: GHSA-wm8x-php5-hvq6 was published for maligned (Rust) on Mar 7, 2023

partial_sort contains Out-of-bounds Read in release mode
Moderate: GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) on Feb 28, 2023

Ascii (crate) allows out-of-bounds array indexing in safe code
Moderate: GHSA-mrrw-grhq-86gf was published for ascii (Rust) on Feb 28, 2023

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Moderate: GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust) on Feb 14, 2023

`pnet_packet` buffer overrun in `set_payload` setters
Moderate: GHSA-cf4g-fcf8-3cr9 was published for pnet_packet (Rust) on Feb 9, 2023

openssl-src subject to Timing Oracle in RSA Decryption
Moderate: CVE-2022-4304 was published for openssl-src (Rust) on Feb 8, 2023

git2-rs fails to verify SSH keys by default
Moderate: GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) on Jan 20, 2023

ELF header parsing library doesn't check for valid offset
Moderate: GHSA-g6pw-999w-j75m was published for elf_rs (Rust) on Jan 20, 2023

bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Moderate: GHSA-f85w-wvc7-crwc was published for bumpalo (Rust) on Jan 20, 2023

Cargo did not verify SSH host keys
Moderate: CVE-2022-46176 was published for cargo (Rust) on Jan 10, 2023

Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Moderate: CVE-2023-22466 was published for tokio (Rust) on Jan 6, 2023

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate: GHSA-gfgm-chr3-x6px was published for prettytable-rs (Rust) on Dec 30, 2022

hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate: GHSA-5wvv-q5fv-2388 was published for hyper-staticfile (Rust) on Dec 30, 2022

Tauri Filesystem Scope Glob Pattern is too Permissive
Moderate: CVE-2022-46171 was published for tauri (Rust) on Dec 22, 2022

Tendermint light client verification not taking into account chain ID
Moderate: CVE-2022-23507 was published for tendermint-light-client (Rust) on Dec 14, 2022

Candy Machine Set Collection During Mint Missing Check
Moderate: GHSA-9v25-r5q2-2p6w was published for mpl-candy-machine (Rust) on Dec 12, 2022

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Moderate: GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) on Dec 8, 2022

hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate: GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) on Dec 5, 2022