Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Loading
`array!` macro is unsound in presence of traits that implement methods it calls internally Moderate
GHSA-83gg-pwxf-jr89 was published for array-macro (Rust) Jun 16, 2022
KamilaBorowska
Space bug in `clean_text` Moderate
GHSA-p2g9-94wh-65c2 was published for ammonia (Rust) Jun 16, 2022
tdunlap607
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver Moderate
CVE-2021-20332 was published for mongodb (Rust) May 24, 2022
alex-semenyuk richardfan0606
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption Moderate
CVE-2020-35908 was published for futures-util (Rust) May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer Moderate
CVE-2020-35907 was published for futures-task (Rust) May 24, 2022
MutexGuard::map can cause a data race in safe code Moderate
CVE-2020-35905 was published for futures-util (Rust) May 24, 2022
`net2` invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35919 was published for net2 (Rust) May 24, 2022
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain Moderate
CVE-2020-12439 was published for grin (Rust) May 24, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Moderate
CVE-2022-27817 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals Moderate
CVE-2022-23636 was published for wasmtime (Rust) Feb 16, 2022
peterhuene
Denial of service in bingrep Moderate
CVE-2021-39480 was published for bingrep (Rust) Jan 28, 2022
Integer underflow in Frontier Moderate
CVE-2022-21685 was published for frontier (Rust) Jan 14, 2022
Out-of-bounds Write in nix Moderate
CVE-2021-45707 was published for nix (Rust) Jan 6, 2022
Polyhistorian
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system Moderate
CVE-2021-3917 was published for coreos-installer (Rust) Nov 8, 2021
xlejo
Unexpected panics in num-bigint Moderate
GHSA-v935-pqmr-g8v9 was published for num-bigint (Rust) Nov 3, 2021
guidovranken arvidn
Validity check missing in Frontier Moderate
CVE-2021-41138 was published for Frontier (Rust) Oct 13, 2021
ProTip! Advisories are also available from the GraphQL API