GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
845 advisories
Filter by severity
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
owning_ref vulnerable to multiple soundness issues
Moderate
GHSA-9qxh-258v-666c
was published
for
owning_ref
(Rust)
Aug 10, 2022
lz4-sys vulnerable to memory corruption via issue in liblz4
Critical
GHSA-9q5j-jm53-v7vr
was published
for
lz4-sys
(Rust)
Sep 1, 2022
matrix-sdk 0.6.0 logs access tokens
Moderate
GHSA-fc4h-xcf3-qj5f
was published
for
matrix-sdk
(Rust)
Oct 25, 2022
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
High
GHSA-h864-m8vm-3xvj
was published
for
oqs
(Rust)
Aug 18, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Moderate
GHSA-hrjv-pf36-jpmr
was published
for
oqs
(Rust)
Aug 18, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate
GHSA-gfgm-chr3-x6px
was published
for
prettytable-rs
(Rust)
Dec 30, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
High
GHSA-c439-chv8-8g2j
was published
for
os_socketaddr
(Rust)
Sep 2, 2022
ckb: Transaction header_deps validation issue (network forking)
Critical
GHSA-7fw6-6mfj-g3q2
was published
for
ckb
(Rust)
Nov 2, 2022
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Moderate
GHSA-9mfc-chwf-7whf
was published
for
ckb
(Rust)
Nov 2, 2022
ckb type_id script resume may randomly fail
High
GHSA-mcmr-49x3-4jqm
was published
for
ckb
(Rust)
Nov 2, 2022
Generated code can read and write out of bounds in safe code
Critical
GHSA-3jch-9qgp-4844
was published
for
flatbuffers
(Rust)
Jun 16, 2022
rocksdb vulnerable to out-of-bounds read
Moderate
GHSA-xpp3-xrff-w6rh
was published
for
rocksdb
(Rust)
Aug 12, 2022
Data races in model
Moderate
GHSA-8q64-wrfr-q48c
was published
for
model
(Rust)
Aug 25, 2021
•
withdrawn
use-after-free vulnerability in Rust array-queue
Moderate
CVE-2020-35900
was published
for
array-queue
(Rust)
Aug 25, 2021
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Moderate
GHSA-jh2g-xhqq-x4w9
was published
for
rcu_cell
(Rust)
Aug 25, 2021
•
withdrawn
Data races in unicycle
Moderate
GHSA-7mg7-m5c3-3hqj
was published
for
unicycle
(Rust)
Aug 25, 2021
•
withdrawn
Singleton lacks bounds on Send and Sync.
Moderate
GHSA-vj88-5667-w56p
was published
for
ruspiro-singleton
(Rust)
Aug 25, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API