GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
Users vulnerable to unaligned read of `*const *const c_char` pointer
Moderate
GHSA-jcr6-4frq-9gjj
was published
for
users
(Rust)
Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Moderate
GHSA-ghc8-5cgm-5rpf
was published
for
inventory
(Rust)
Sep 11, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Moderate
CVE-2023-41317
was published
for
apollo-router
(Rust)
Sep 7, 2023
Multiple soundness issues in lexical
Moderate
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
webpki: CPU denial of service in certificate path building
High
GHSA-8qv2-5vq6-g2g7
was published
for
webpki
(Rust)
Aug 25, 2023
mail-internals use-after-free vulnerability in `vec_insert_bytes`
Moderate
GHSA-rcx8-48pc-v9q8
was published
for
mail-internals
(Rust)
Aug 24, 2023
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
rustls-webpki: CPU denial of service in certificate path building
High
GHSA-fh2r-99q2-6mmg
was published
for
rustls-webpki
(Rust)
Aug 22, 2023
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Moderate
GHSA-w5vr-6qhr-36cc
was published
for
ed25519-dalek
(Rust)
Aug 14, 2023
lol-html panics on certain HTML inputs
High
CVE-2023-4241
was published
for
lol-html
(Rust)
Aug 9, 2023
odoh-rs's Invalid Slice Split Results in Server Panic
Moderate
CVE-2023-3766
was published
for
odoh-rs
(Rust)
Aug 3, 2023
Cargo not respecting umask when extracting crate archives
High
CVE-2023-38497
was published
for
cargo
(Rust)
Aug 3, 2023
twitch-tui's connection is not encrypted
High
CVE-2023-38688
was published
for
twitch-tui
(Rust)
Jul 31, 2023
Unsoundness in `intern` methods on `intaglio` symbol interners
Low
GHSA-gch5-hwqf-mxhp
was published
for
intaglio
(Rust)
Jul 27, 2023
Potential denial of service after connection migration
Low
GHSA-rfhg-rjfp-9q8q
was published
for
s2n-quic
(Rust)
Jul 24, 2023
impl `FromMdbValue` for bool is unsound
Moderate
GHSA-f9g6-fp84-fv92
was published
for
lmdb-rs
(Rust)
Jul 19, 2023
libostree vulnerable to denial of service attack
Moderate
CVE-2022-47085
was published
for
ostree
(Rust)
Jul 18, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Moderate
GHSA-hxq4-mx37-fqvg
was published
for
s2n-quic
(Rust)
Jun 30, 2023
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Moderate
GHSA-g753-ghr7-q33w
was published
for
cyfs-base
(Rust)
Jun 22, 2023
`openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate
GHSA-xcf7-rvmh-g6q4
was published
for
openssl
(Rust)
Jun 21, 2023
ProTip!
Advisories are also available from the
GraphQL API