GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
`array!` macro is unsound in presence of traits that implement methods it calls internally
Moderate
GHSA-83gg-pwxf-jr89
was published
for
array-macro
(Rust)
Jun 16, 2022
Space bug in `clean_text`
Moderate
GHSA-p2g9-94wh-65c2
was published
for
ammonia
(Rust)
Jun 16, 2022
Library exclusively intended to obfuscate code.
Moderate
GHSA-gfg9-x6px-r7gr
was published
for
plutonium
(Rust)
Jun 16, 2022
`MsQueue` `push`/`pop` use the wrong orderings
Moderate
GHSA-rwf4-gx62-rqfw
was published
for
crossbeam
(Rust)
Jun 8, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver
Moderate
CVE-2021-20332
was published
for
mongodb
(Rust)
May 24, 2022
insert_slice_clone can double drop if Clone panics.
Moderate
CVE-2021-26954
was published
for
qwutils
(Rust)
May 24, 2022
Async-h1 request smuggling possible with long unread bodies
Moderate
CVE-2020-36202
was published
for
async-h1
(Rust)
May 24, 2022
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Moderate
CVE-2020-35908
was published
for
futures-util
(Rust)
May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
Moderate
CVE-2020-35907
was published
for
futures-task
(Rust)
May 24, 2022
MutexGuard::map can cause a data race in safe code
Moderate
CVE-2020-35905
was published
for
futures-util
(Rust)
May 24, 2022
`net2` invalidly assumes the memory layout of std::net::SocketAddr
Moderate
CVE-2020-35919
was published
for
net2
(Rust)
May 24, 2022
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain
Moderate
CVE-2020-12439
was published
for
grin
(Rust)
May 24, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate
Moderate
CVE-2022-1343
was published
for
openssl-src
(Rust)
May 4, 2022
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate
CVE-2022-1434
was published
for
openssl-src
(Rust)
May 4, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Moderate
CVE-2022-27817
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Unsafe parsing in SWHKD
Moderate
CVE-2022-27819
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Moderate
CVE-2022-23636
was published
for
wasmtime
(Rust)
Feb 16, 2022
Integer underflow in Frontier
Moderate
CVE-2022-21685
was published
for
frontier
(Rust)
Jan 14, 2022
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Unexpected panics in num-bigint
Moderate
GHSA-v935-pqmr-g8v9
was published
for
num-bigint
(Rust)
Nov 3, 2021
Validity check missing in Frontier
Moderate
CVE-2021-41138
was published
for
Frontier
(Rust)
Oct 13, 2021
ProTip!
Advisories are also available from the
GraphQL API