Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Loading
Double-free in id-map Critical
CVE-2021-30455 was published for id-map (Rust) Aug 25, 2021
Use After Free in tremor-script Critical
CVE-2021-45701 was published for tremor-script (Rust) Jan 6, 2022
Sandbox bypass leading to arbitrary code execution in Deno Critical
CVE-2022-24783 was published for deno (Rust) Mar 29, 2022
DjDeveloperr andreubotella
aapoalas lucacasonato tdunlap607
Unchecked Return Value in xcb Critical
CVE-2021-26955 was published for xcb (Rust) Aug 25, 2021
amousset
Use of a Broken or Risky Cryptographic Algorithm in crypto2 Critical
CVE-2021-45709 was published for crypto2 (Rust) Jan 6, 2022
Buffer Overflow in galois_2p8 Critical
CVE-2022-24988 was published for galois_2p8 (Rust) Feb 15, 2022
Incorrect hash in sha2 Critical
CVE-2021-45696 was published for sha2 (Rust) Jan 6, 2022
X.509 Email Address 4-byte Buffer Overflow Critical
CVE-2022-3602 was published for openssl-src (Rust) Nov 1, 2022
Incorrect Comparison in sodiumoxide Critical
CVE-2019-25002 was published for sodiumoxide (Rust) Aug 25, 2021
ruuda
Buffer overflow in SmallVec::insert_many Critical
CVE-2021-25900 was published for smallvec (Rust) May 24, 2022
tdunlap607
Out-of-bounds write in stack Critical
CVE-2020-35895 was published for stack (Rust) Aug 25, 2021
tdunlap607
Use-after-free in chttp Critical
CVE-2019-16140 was published for chttp (Rust) Aug 25, 2021
tdunlap607
Rust Failure Crate Vulnerable to Type confusion Critical
CVE-2019-25010 was published for failure (Rust) Aug 25, 2021
Double free in crossbeam Critical
CVE-2018-20996 was published for crossbeam (Rust) Aug 25, 2021
Out of bounds access in lucet-runtime-internals Critical
CVE-2020-35859 was published for lucet-runtime-internals (Rust) Aug 25, 2021
SQLpage vulnerable to public exposure of database credentials Critical
CVE-2023-42454 was published for sqlpage (Rust) Sep 21, 2023
Nervos CKB P2P DoS Attacks Critical
GHSA-84x2-2qv6-qg56 was published for ckb (Rust) Feb 2, 2024
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result Critical
GHSA-q73f-w3h7-7wcc was published for ckb (Rust) Feb 3, 2024
openssl-src contains Read Buffer Overflow in X.509 Name Constraint Critical
CVE-2022-4203 was published for openssl-src (Rust) Feb 8, 2023
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters Critical
CVE-2024-28123 was published for wasmi (Rust) Mar 7, 2024
transpose: Buffer overflow due to integer overflow Critical
GHSA-5gmm-6m36-r7jh was published for transpose (Rust) Apr 5, 2024
Type confusion if __private_get_type_id__ is overriden Critical
CVE-2020-25575 was published for failure (Rust) Jun 16, 2022
michaelkedar
Apollo Router vulnerable to Critical Regression In Query Plan Cache Critical
CVE-2024-32971 was published for apollo-router (Rust) May 2, 2024
xuorig o0Ignition0o
peakematt IvanGoncharov Geal glasser jasonbarnett667 abernix
Spin applications with specific configuration vulnerable to potential network sandbox escape Critical
CVE-2024-32980 was published for spin-sdk (Rust) May 8, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint Critical
CVE-2024-3584 was published for qdrant (Rust) Jun 2, 2024
ProTip! Advisories are also available from the GraphQL API