GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

326 advisories

Arrow2 allows double free in `safe` code High
GHSA-5j8w-r7g8-5472 was published for arrow2 (Rust) Jun 16, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets High
GHSA-qgrp-8f3v-q85p was published for arrow (Rust) Jun 16, 2022
`DecimalArray` does not perform bound checks on accessing values and offsets High
GHSA-h588-76vg-prgj was published for arrow (Rust) Jun 16, 2022
Reading on uninitialized memory may cause UB (`util::read_spv()`) High
GHSA-qj69-c89v-jwq2 was published for ash (Rust) Jun 16, 2022
`BinaryArray` does not perform bound checks on reading values and offsets High
GHSA-r7cj-wmwv-hfw5 was published for arrow (Rust) Jun 16, 2022
`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()` High
GHSA-hv9v-7w3v-rj6f was published for acc_reader (Rust) Jun 16, 2022
abomonation transmutes &T to and from &[u8] without sufficient constraints High
GHSA-hfxp-p695-629x was published for abomonation (Rust) Jun 16, 2022
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service High
CVE-2019-25008 was published for http (Rust) Jun 16, 2022 withdrawn
matveybaykalov
Link Following in Deno High
CVE-2021-41641 was published for deno (Rust) Jun 13, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
futures_task::waker may cause a use-after-free if used on a type that isn't 'static High
CVE-2020-35906 was published for futures-task (Rust) May 24, 2022
Dangling reference in `access::Map` with Constant High
CVE-2020-35711 was published for arc-swap (Rust) May 24, 2022
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
Grin Insufficient Validation High
CVE-2020-6638 was published for grin (Rust) May 24, 2022
Integer overflow in solana_rbpf High
CVE-2022-31264 was published for solana_rbpf (Rust) May 22, 2022
librsvg DoS via Cyclic References High
CVE-2015-7558 was published for librsvg (Rust) May 17, 2022
Resource leakage when decoding certificates and keys High
CVE-2022-1473 was published for openssl-src (Rust) May 4, 2022
pinkforest
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb High
GHSA-j35p-q24r-5367 was published for ckb (Rust) Apr 22, 2022
Relative Path Traversal in afire serve_static High
GHSA-3227-r97m-8j95 was published for afire (Rust) Apr 22, 2022
w-henderson
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Data Loss/Denial of Service in SWHKD High
CVE-2022-27816 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
Rust's regex crate vulnerable to regular expression denial of service High
CVE-2022-24713 was published for regex (Rust) Mar 8, 2022
addisoncrump
crossbeam-utils Race Condition vulnerability High
CVE-2022-23639 was published for crossbeam-utils (Rust) Feb 16, 2022
saethlin