Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Low
CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
tdunlap607
File exposure in pleaser Low
CVE-2021-31153 was published for pleaser (Rust) Aug 25, 2021
another-rex
Chrono has potential segfault issue in SPIFFE authenticator Low
GHSA-45w3-v3g4-54pm was published for parsec-service (Rust) Feb 11, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Low
CVE-2022-27814 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Shinyzenith
Threshold value is ignored (all shares are n=3) Low
GHSA-978j-88f3-p5j3 was published for shamir (Rust) Jun 17, 2022
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
ansi_term is Unmaintained Low
GHSA-74w3-p89x-ffgh was published for ansi_term (Rust) Sep 16, 2022 withdrawn
kornelski Emilgardis
personnummer/rust vulnerable to Improper Input Validation Low
GHSA-28r9-pq4c-wp3c was published for personnummer (Rust) Sep 21, 2022
Tauri Filesystem Scope can be Partially Bypassed Low
CVE-2022-41874 was published for Tauri (Rust) Nov 8, 2022
linux-loader reading beyond EOF could lead to infinite loop Low
CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
likebreath
`tokio::io::ReadHalf<T>::unsplit` is Unsound Low
GHSA-4q83-7cq4-p6wg was published for tokio (Rust) Feb 4, 2023
Nervos CKB calculation of program load cycles may be missed when executing in resume mode Low
GHSA-fjj4-2q73-jvgc was published for ckb (Rust) Feb 8, 2023
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message Low
GHSA-p2gm-ffr3-w2xw was published for ckb (Rust) Feb 8, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64 Low
CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
afonso360
Undefined Behavior in Rust runtime functions Low
CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
guidovranken alexcrichton
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
GHSA-25mx-8f3v-8wh7 was published for sequoia-openpgp (Rust) Jun 6, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic Low
GHSA-29mf-62xx-28jq was published for buffered-reader (Rust) Jun 6, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service Low
CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
atty potential unaligned read Low
GHSA-g98v-hv3f-hcfr was published for atty (Rust) Jun 30, 2023
SamirTalwar typecasto
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log
Potential denial of service after connection migration Low
GHSA-rfhg-rjfp-9q8q was published for s2n-quic (Rust) Jul 24, 2023
Unsoundness in `intern` methods on `intaglio` symbol interners Low
GHSA-gch5-hwqf-mxhp was published for intaglio (Rust) Jul 27, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports Low
CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
pietroalbini cuviper
remkop22 ehuss weihanglo Manishearth
ntpd has Dependency on Vulnerable Third-Party Component Low
GHSA-37xq-q42p-rv3p was published for ntpd (Rust) Aug 24, 2023
ProTip! Advisories are also available from the GraphQL API