GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
782 advisories
Filter by severity
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Moderate
CVE-2023-28626
was published
for
comrak
(Rust)
Mar 28, 2023
NATS TLS certificate common name validation bypass
Moderate
GHSA-wvc4-j7g5-4f79
was published
for
nats
(Rust)
Mar 27, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization
High
CVE-2023-28446
was published
for
deno
(Rust)
Mar 24, 2023
`openssl` `X509NameBuilder::build` returned object is not thread safe
Moderate
GHSA-3gxf-9r58-2ghg
was published
for
openssl
(Rust)
Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
High
GHSA-9qwg-crg9-m2vc
was published
for
openssl
(Rust)
Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
High
GHSA-6hcf-g6gr-hhcr
was published
for
openssl
(Rust)
Mar 24, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Moderate
CVE-2023-28448
was published
for
versionize
(Rust)
Mar 24, 2023
async-nats vulnerable to TLS certificate common name validation bypass
Moderate
GHSA-f5v5-ccqc-6w36
was published
for
async-nats
(Rust)
Mar 24, 2023
Deno improperly handles resizable ArrayBuffer
Critical
CVE-2023-28445
was published
for
Deno
(Rust)
Mar 23, 2023
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
Moderate
GHSA-255r-3prx-mf99
was published
for
rmp-serde
(Rust)
Mar 22, 2023
Frontier's modexp precompile is slow for even modulus
High
CVE-2023-28431
was published
for
frontier
(Rust)
Mar 21, 2023
NULL pointer derefernce in `stb_image`
Moderate
GHSA-ppjr-267j-5p9x
was published
for
stb_image
(Rust)
Mar 20, 2023
russh may use insecure Diffie-Hellman keys
Moderate
CVE-2023-28113
was published
for
russh
(Rust)
Mar 17, 2023
`out_reference::Out::from_raw` should be `unsafe`
Moderate
GHSA-p7mj-xvxg-grff
was published
for
out-reference
(Rust)
Mar 13, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical
CVE-2023-26489
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Low
CVE-2023-27477
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Maligned causes incorrect deallocation
Moderate
GHSA-wm8x-php5-hvq6
was published
for
maligned
(Rust)
Mar 7, 2023
partial_sort contains Out-of-bounds Read in release mode
Moderate
GHSA-5x36-7567-3cw6
was published
for
partial_sort
(Rust)
Feb 28, 2023
Ascii (crate) allows out-of-bounds array indexing in safe code
Moderate
GHSA-mrrw-grhq-86gf
was published
for
ascii
(Rust)
Feb 28, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
High
GHSA-xr9w-x6gw-c9mj
was published
for
deno
(Rust)
Feb 25, 2023
•
withdrawn
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Moderate
GHSA-xw5j-gv2g-mjm2
was published
for
cortex-m-rt
(Rust)
Feb 14, 2023
`pnet_packet` buffer overrun in `set_payload` setters
Moderate
GHSA-cf4g-fcf8-3cr9
was published
for
pnet_packet
(Rust)
Feb 9, 2023
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
High
CVE-2023-0215
was published
for
openssl-src
(Rust)
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API