GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
276 advisories
Error on unsupported architectures in raw-cpuid
Moderate | CVE-2021-26307 was published for raw-cpuid (Rust) | Aug 25, 2021

Improper Certificate Validation in security-framework
Moderate | CVE-2017-18588 was published for security-framework (Rust) | Aug 25, 2021

Panic on incorrect date input to `simple_asn1`
Moderate | GHSA-3m6f-3gfg-4x56 was published for simple_asn1 (Rust) | Jun 17, 2022

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Moderate | GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) | Dec 8, 2022

Unchecked vector pre-allocation
Moderate | GHSA-mcrf-7hf9-f6q5 was published for rmpv (Rust) | Aug 25, 2021

scalarmult() vulnerable to degenerate public keys
Moderate | CVE-2017-1000168 was published for sodiumoxide (Rust) | Aug 25, 2021

Uncontrolled recursion leads to abort in deserialization
Moderate | GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) | Aug 25, 2021

HTTP Request smuggling in tiny_http
Moderate | CVE-2020-35884 was published for tiny_http (Rust) | Aug 25, 2021

Observable Timing Discrepancy in totp-rs
Moderate | CVE-2022-29185 was published for totp-rs (Rust) | May 24, 2022

tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate | GHSA-wwh2-r387-g5rm was published for tower-http (Rust) | Jun 17, 2022

`temporary` makes use of uninitialized memory
Moderate | GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) | Aug 11, 2022

Use after free passing `externref`s to Wasm in Wasmtime
Moderate | CVE-2021-39216 was published for wasmtime (Rust) | Sep 20, 2021

Wrong type for `Linker`-define functions when used across two `Engine`s
Moderate | CVE-2021-39219 was published for wasmtime (Rust) | Sep 20, 2021

Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Moderate | CVE-2021-39218 was published for wasmtime (Rust) | Sep 20, 2021

`net2` invalidly assumes the memory layout of std::net::SocketAddr
Moderate | CVE-2020-35919 was published for net2 (Rust) | May 24, 2022

memoffset allows reading uninitialized memory
Moderate | GHSA-wfg4-322g-9vqv was published for memoffset (Rust) | Jun 21, 2023

`openssl` `X509VerifyParamRef::set_host` buffer over-read
Moderate | GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) | Jun 21, 2023

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Moderate | CVE-2020-35908 was published for futures-util (Rust) | May 24, 2022

cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Moderate | GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) | Jun 22, 2023

s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Moderate | GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) | Jun 30, 2023

NULL pointer dereference in `stb_image`
Moderate | GHSA-ppjr-267j-5p9x was published for stb_image (Rust) | Mar 20, 2023

ProTip! Advisories are also available from the GraphQL API