Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Loading
Reachable Assertion in rulex Moderate
CVE-2022-31100 was published for rulex (Rust) Jun 21, 2022
evanrichter
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs Moderate
CVE-2022-31104 was published for cranelift-codegen (Rust) Jun 29, 2022
alexcrichton MaineK00n
Wasmtime vulnerable to Use After Free with `externref`s Moderate
CVE-2022-31146 was published for cranelift-codegen (Rust) Jul 20, 2022
alexcrichton fitzgen
jameysharp
Cranelift vulnerable to miscompilation of constant values in division on AArch64 Moderate
CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022
akirilov-arm
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
owning_ref vulnerable to multiple soundness issues Moderate
GHSA-9qxh-258v-666c was published for owning_ref (Rust) Aug 10, 2022
`temporary` makes use of uninitialized memory Moderate
GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) Aug 11, 2022
rocksdb vulnerable to out-of-bounds read Moderate
GHSA-xpp3-xrff-w6rh was published for rocksdb (Rust) Aug 12, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken Moderate
GHSA-hrjv-pf36-jpmr was published for oqs (Rust) Aug 18, 2022
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for frontier (Rust) Aug 18, 2022
mz-avro's incorrect use of `set_len` allows for un-initialized memory Moderate
GHSA-jwh2-vrr9-vcp2 was published for mz-avro (Rust) Aug 30, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation Moderate
GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) Aug 30, 2022
Cargo extracting malicious crates can fill the file system Moderate
CVE-2022-36114 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
`cell-project` used incorrect variance when projecting through `&Cell<T>` Moderate
GHSA-p75v-367r-2v23 was published for cell-project (Rust) Sep 16, 2022
Weight not properly refunded after EVM execution Moderate
CVE-2022-39242 was published for frontier (Rust) Sep 23, 2022
matrix-sdk-crypto contains potential impersonation via room key forward responses Moderate
CVE-2022-39252 was published for matrix-sdk-crypto (Rust) Sep 30, 2022
michaelkedar
kamadak-exif vulnerable to Infinite loop when parsing PNG files Moderate
CVE-2021-21235 was published for kamadak-exif (Rust) Oct 6, 2022
matrix-sdk 0.6.0 logs access tokens Moderate
GHSA-fc4h-xcf3-qj5f was published for matrix-sdk (Rust) Oct 25, 2022
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm) Moderate
CVE-2022-39354 was published for evm (Rust) Oct 25, 2022
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low. Moderate
GHSA-9mfc-chwf-7whf was published for ckb (Rust) Nov 2, 2022
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value` Moderate
GHSA-5m39-wx2q-mxg3 was published for lzf (Rust) Nov 8, 2022
Wasmtime out of bounds read/write with zero-memory-pages configuration Moderate
CVE-2022-39392 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Leak in Aliyun KeySecret Moderate
CVE-2022-39397 was published for aliyun-oss-client (Rust) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API