Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

348 advisories

Loading
`DecimalArray` does not perform bound checks on accessing values and offsets High
GHSA-h588-76vg-prgj was published for arrow (Rust) Jun 16, 2022
Update unsound DrainFilter and RString::retain High
CVE-2020-36212 was published for abi_stable (Rust) Aug 25, 2021
Update unsound DrainFilter and RString::retain High
CVE-2020-36213 was published for abi_stable (Rust) Aug 25, 2021
Uncontrolled Search Path Element in sharkdp/bat High
CVE-2021-36753 was published for bat (Rust) Aug 25, 2021
Relative Path Traversal in git-delta High
CVE-2021-36376 was published for git-delta (Rust) Aug 25, 2021
XSS in mdBook High
CVE-2020-26297 was published for mdBook (Rust) Aug 25, 2021
vavkamil
HTTP Request Smuggling in actix-http High
CVE-2021-38512 was published for actix-http (Rust) Aug 25, 2021
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
Improper Synchronization and Race Condition in vm-memory High
CVE-2020-13759 was published for vm-memory (Rust) Aug 25, 2021
Exposure of sensitive Slack webhook URLs in debug logs and traces High
CVE-2022-39292 was published for slack-morphism (Rust) Oct 10, 2022
X.509 Email Address Variable Length Buffer Overflow High
CVE-2022-3786 was published for openssl-src (Rust) Nov 1, 2022
Wasmtime may have data leakage between instances in the pooling allocator High
CVE-2022-39393 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Use After Free in lucet High
CVE-2021-43790 was published for lucet-runtime (Rust) Nov 30, 2021
iximeow acfoltzer
cratelyn aturon alexcrichton aggarwaa
Improper sanitization of target names High
CVE-2021-41149 was published for tough (Rust) Oct 19, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Specification non-compliance in JUMPI High
CVE-2021-41153 was published for evm (Rust) Oct 19, 2021
Data races in bunch High
CVE-2020-36450 was published for bunch (Rust) Aug 25, 2021
Unaligned memory allocation in chunky High
CVE-2020-36433 was published for chunky (Rust) Aug 25, 2021
Use after free in generic-array High
CVE-2020-36465 was published for generic-array (Rust) Aug 25, 2021
Data races in scottqueue High
CVE-2020-36453 was published for scottqueue (Rust) Aug 25, 2021
Memory exhaustion in routinator High
CVE-2021-43174 was published for routinator (Rust) Nov 11, 2021
Improper sanitization of delegated role names High
CVE-2021-41150 was published for tough (Rust) Oct 19, 2021
Use after free in heapless High
CVE-2020-36464 was published for heapless (Rust) Aug 25, 2021
Remote code execution in better-macro High
CVE-2021-38196 was published for better-macro (Rust) Aug 25, 2021
Format string vulnerabilities in pancurses High
CVE-2019-15546 was published for pancurses (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database