Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

276 advisories

Loading
Error on unsupported architectures in raw-cpuid Moderate
CVE-2021-26307 was published for raw-cpuid (Rust) Aug 25, 2021
tdunlap607
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Panic on incorrect date input to `simple_asn1` Moderate
GHSA-3m6f-3gfg-4x56 was published for simple_asn1 (Rust) Jun 17, 2022
saethlin
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code Moderate
GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) Dec 8, 2022
Unchecked vector pre-allocation Moderate
GHSA-mcrf-7hf9-f6q5 was published for rmpv (Rust) Aug 25, 2021
scalarmult() vulnerable to degenerate public keys Moderate
CVE-2017-1000168 was published for sodiumoxide (Rust) Aug 25, 2021
Uncontrolled recursion leads to abort in deserialization Moderate
GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) Aug 25, 2021
HTTP Request smuggling in tiny_http Moderate
CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
`temporary` makes use of uninitialized memory Moderate
GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) Aug 11, 2022
Data race in va-ts Moderate
CVE-2020-36220 was published for va-ts (Rust) Aug 25, 2021
Data races in try-mutex Moderate
CVE-2020-35924 was published for try-mutex (Rust) Aug 25, 2021
Use after free passing `externref`s to Wasm in Wasmtime Moderate
CVE-2021-39216 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton fitzgen
cfallin
Wrong type for `Linker`-define functions when used across two `Engine`s Moderate
CVE-2021-39219 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime Moderate
CVE-2021-39218 was published for wasmtime (Rust) Sep 20, 2021
cfallin fitzgen
`net2` invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35919 was published for net2 (Rust) May 24, 2022
Ouroboros is Unsound Moderate
GHSA-87mf-9wg6-ppf8 was published for ouroboros (Rust) Jun 12, 2023
memoffset allows reading uninitialized memory Moderate
GHSA-wfg4-322g-9vqv was published for memoffset (Rust) Jun 21, 2023
`openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) Jun 21, 2023
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption Moderate
CVE-2020-35908 was published for futures-util (Rust) May 24, 2022
Race condition in tokio Moderate
CVE-2021-38191 was published for tokio (Rust) Aug 25, 2021
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new` Moderate
GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) Jun 22, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
NULL pointer derefernce in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database