Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

261 advisories

Loading
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-26281 was published for async-h1 (Rust) Oct 12, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s Moderate
CVE-2021-39219 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime Moderate
CVE-2021-39218 was published for wasmtime (Rust) Sep 20, 2021
cfallin fitzgen
Use after free passing `externref`s to Wasm in Wasmtime Moderate
CVE-2021-39216 was published for wasmtime (Rust) Sep 20, 2021
alexcrichton fitzgen
cfallin
Memory Safety Issue when using patch or merge on state and assign the result back to state Moderate
CVE-2021-39228 was published for tremor-script (Rust) Sep 20, 2021
Transaction validity oversight in pallet-ethereum Moderate
CVE-2021-39193 was published for frontier (Rust) Sep 1, 2021
Use after free in libpulse-binding Moderate
CVE-2018-25001 was published for libpulse-binding (Rust) Aug 30, 2021
Observable Discrepancy in libsecp256k1-rs Moderate
CVE-2019-20399 was published for libsecp256k1-rs (Rust) Aug 25, 2021
Partial read is incorrect in molecule Moderate
GHSA-82hm-vh7g-hrh9 was published for molecule (Rust) Aug 25, 2021
use-after-free vulnerability in Rust array-queue Moderate
CVE-2020-35900 was published for array-queue (Rust) Aug 25, 2021
scalarmult() vulnerable to degenerate public keys Moderate
CVE-2017-1000168 was published for sodiumoxide (Rust) Aug 25, 2021
Data races in unicycle Moderate
GHSA-7mg7-m5c3-3hqj was published for unicycle (Rust) Aug 25, 2021 withdrawn
WITHDRAWN Moderate
GHSA-8q5c-93vg-c747 was published for toolshed (Rust) Aug 25, 2021 withdrawn
smallvec creates uninitialized value of any type Moderate
GHSA-66p5-j55p-32r9 was published for smallvec (Rust) Aug 25, 2021
Assumed memory layout of std::net::SocketAddr Moderate
GHSA-p5w9-856p-8q4g was published for socket2 (Rust) Aug 25, 2021 withdrawn
Uncontrolled recursion leads to abort in deserialization Moderate
GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) Aug 25, 2021
Queue<T> should have a Send bound on its Send/Sync traits Moderate
GHSA-v42f-j8fx-99f3 was published for scottqueue (Rust) Aug 25, 2021 withdrawn
Singleton lacks bounds on Send and Sync. Moderate
GHSA-vj88-5667-w56p was published for ruspiro-singleton (Rust) Aug 25, 2021 withdrawn
Unchecked vector pre-allocation Moderate
GHSA-mcrf-7hf9-f6q5 was published for rmpv (Rust) Aug 25, 2021
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T> Moderate
GHSA-jh2g-xhqq-x4w9 was published for rcu_cell (Rust) Aug 25, 2021 withdrawn
Compiler optimisation leads to SEGFAULT Moderate
GHSA-r6ff-2q3c-v3pv was published for pnet (Rust) Aug 25, 2021
MvccRwLock allows data races & aliasing violations Moderate
GHSA-mgg8-9pvp-6qcw was published for noise_search (Rust) Aug 25, 2021 withdrawn
Data races in model Moderate
GHSA-8q64-wrfr-q48c was published for model (Rust) Aug 25, 2021 withdrawn
Data races in max7301 Moderate
CVE-2020-36472 was published for max7301 (Rust) Aug 25, 2021
Uncaught Exception in libpulse-binding Moderate
GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API