GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
261 advisories
Memory Safety Issue when using patch or merge on state and assign the result back to state
Moderate, CVE-2021-39228 was published for tremor-script (Rust), Sep 20, 2021
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate, GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust), Dec 5, 2022
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate, CVE-2023-26103 was published for deno (Rust), Apr 3, 2023
Integer Overflow in openssl-src
Moderate, CVE-2021-23841 was published for openssl-src (Rust), Aug 25, 2021
matrix-sdk-crypto contains potential impersonation via room key forward responses
Moderate, CVE-2022-39252 was published for matrix-sdk-crypto (Rust), Sep 30, 2022
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Moderate, GHSA-2qv5-7mw5-j3cg was published for spin (Rust), Apr 3, 2023
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
Moderate, GHSA-fq33-vmhv-48xh was published for ntru (Rust), Apr 7, 2023
Space bug in `clean_text`
Moderate, GHSA-p2g9-94wh-65c2 was published for ammonia (Rust), Jun 16, 2022
Adversarial use of `make_bitflags!` macro can cause undefined behavior
Moderate, GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust), Apr 24, 2023
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Moderate, CVE-2023-28626 was published for comrak (Rust), Mar 28, 2023
Comrak AST node data is not validated (GHSL-2023-049)
Moderate, CVE-2023-28631 was published for comrak (Rust), Mar 28, 2023
sccache vulnerable to privilege escalation if server is run as root
Moderate, CVE-2023-1521 was published for sccache (Rust), May 30, 2023
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Moderate, GHSA-5fm9-h728-fwpj was published for trust-dns-server (Rust), Jun 6, 2023
`array!` macro is unsound in presence of traits that implement methods it calls internally
Moderate, GHSA-83gg-pwxf-jr89 was published for array-macro (Rust), Jun 16, 2022
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Moderate, CVE-2020-35886 was published for arr (Rust), Aug 25, 2021
Uninitialized memory exposure in claxon
Moderate, CVE-2018-20992 was published for claxon (Rust), Aug 25, 2021
Unexpected panic when decoding tokens in branca
Moderate, CVE-2020-35918 was published for branca (Rust), Aug 25, 2021
Incorrect buffer size in crossbeam-channel
Moderate, CVE-2020-35904 was published for crossbeam-channel (Rust), Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API.