Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

348 advisories

Loading
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts High
GHSA-wq9x-qwcq-mmgf was published for diesel (Rust) Aug 23, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount High
CVE-2024-43410 was published for russh (Rust) Aug 14, 2024
Noratrieb Eugeny
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects High
CVE-2024-43367 was published for boa_engine (Rust) Aug 14, 2024
ctcpip arai-a
jedel1043 jasonwilliams nekevss
Unlimited number of NTS-KE connections can crash ntpd-rs server High
CVE-2024-38528 was published for ntpd (Rust) Jun 28, 2024
mlichvar
gix traversal outside working tree enables arbitrary code execution High
CVE-2024-35186 was published for gitoxide (Rust) May 22, 2024
EliahKagan Byron
Rhai stack overflow vulenrability High
CVE-2024-36760 was published for rhai (Rust) Jun 13, 2024
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
Denial of Service Vulnerability in Rustls Library High
CVE-2024-32650 was published for rustls (Rust) Apr 19, 2024
Taowyoo arai-fortanix
jjfiv s-arash
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property High
CVE-2024-32984 was published for yamux (Rust) May 1, 2024
jxs marten-seemann
AgeManning
Array size is not checked in sized-chunks High
CVE-2020-25792 was published for sized-chunks (Rust) Aug 25, 2021
tdunlap607
pqc_kyber KyberSlash: division timings depending on secrets High
GHSA-x5j2-g63m-f8g4 was published for pqc_kyber (Rust) Feb 9, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects High
GHSA-xfhw-6mc4-mgxf was published for crayon (Rust) Apr 5, 2024
whoami stack buffer overflow on several Unix platforms High
GHSA-w5w5-8vfh-xcjq was published for whoami (Rust) Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast High
GHSA-4v52-7q2x-v4xj was published for eyre (Rust) Apr 5, 2024
HPACK decoder panics on invalid input High
GHSA-w7hm-hmxv-pvhf was published for hpack (Rust) Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
`libsqlite3-sys` via C SQLite improperly validates array index High
CVE-2022-35737 was published for libsqlite3-sys (Rust) Aug 4, 2022
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination High
CVE-2024-27935 was published for deno (Rust) Mar 5, 2024
mmastrac
ProTip! Advisories are also available from the GraphQL API