GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
High
GHSA-wq9x-qwcq-mmgf
was published
for
diesel
(Rust)
Aug 23, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount
High
CVE-2024-43410
was published
for
russh
(Rust)
Aug 14, 2024
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
High
CVE-2024-43367
was published
for
boa_engine
(Rust)
Aug 14, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
High
CVE-2023-0215
was published
for
openssl-src
(Rust)
Feb 8, 2023
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
High
CVE-2022-0778
was published
for
openssl-src
(Rust)
Mar 16, 2022
Read buffer overruns processing ASN.1 strings
High
CVE-2021-3712
was published
for
openssl-src
(Rust)
May 24, 2022
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
Denial of Service Vulnerability in Rustls Library
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
Array size is not checked in sized-chunks
High
CVE-2020-25792
was published
for
sized-chunks
(Rust)
Aug 25, 2021
pqc_kyber KyberSlash: division timings depending on secrets
High
GHSA-x5j2-g63m-f8g4
was published
for
pqc_kyber
(Rust)
Feb 9, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects
High
GHSA-xfhw-6mc4-mgxf
was published
for
crayon
(Rust)
Apr 5, 2024
whoami stack buffer overflow on several Unix platforms
High
GHSA-w5w5-8vfh-xcjq
was published
for
whoami
(Rust)
Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast
High
GHSA-4v52-7q2x-v4xj
was published
for
eyre
(Rust)
Apr 5, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free
High
CVE-2024-27284
was published
for
cassandra-cpp
(Rust)
Apr 5, 2024
aliyundrive-webdav vulnerable to Command Injection
High
CVE-2024-29640
was published
for
aliyundrive-webdav
(pip)
Mar 29, 2024
`libsqlite3-sys` via C SQLite improperly validates array index
High
CVE-2022-35737
was published
for
libsqlite3-sys
(Rust)
Aug 4, 2022
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High
CVE-2024-27935
was published
for
deno
(Rust)
Mar 5, 2024
ProTip!
Advisories are also available from the
GraphQL API