Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

348 advisories

Loading
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property High
CVE-2024-32984 was published for yamux (Rust) May 1, 2024
jxs marten-seemann
AgeManning
Denial of Service Vulnerability in Rustls Library High
CVE-2024-32650 was published for rustls (Rust) Apr 19, 2024
Taowyoo arai-fortanix
jjfiv s-arash
crayon: ObjectPool creates uninitialized memory when freeing objects High
GHSA-xfhw-6mc4-mgxf was published for crayon (Rust) Apr 5, 2024
whoami stack buffer overflow on several Unix platforms High
GHSA-w5w5-8vfh-xcjq was published for whoami (Rust) Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast High
GHSA-4v52-7q2x-v4xj was published for eyre (Rust) Apr 5, 2024
HPACK decoder panics on invalid input High
GHSA-w7hm-hmxv-pvhf was published for hpack (Rust) Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination High
CVE-2024-27935 was published for deno (Rust) Mar 5, 2024
mmastrac
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
Externally Controlled Format String in Scripting Functions High
GHSA-q3gg-m8hr-h4x4 was published for surrealdb (Rust) Feb 21, 2024
akkie
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2 High
GHSA-22q8-ghmq-63vf was published for libgit2-sys (Rust) Feb 12, 2024
pqc_kyber KyberSlash: division timings depending on secrets High
GHSA-x5j2-g63m-f8g4 was published for pqc_kyber (Rust) Feb 9, 2024
serde-json-wasm stack overflow during recursive JSON parsing High
GHSA-rr69-rxr6-8qwf was published for serde-json-wasm (Rust) Feb 9, 2024
eza Potential Heap Overflow Vulnerability for AArch64 High
CVE-2024-25817 was published for eza (Rust) Feb 8, 2024
CuB3y0nd FuzzyLitchi
cafkafk inspector-ambitious
Nervos CKB Snappy decompress length can be very large and causes out of memory error High
GHSA-3gjh-29fv-8hr6 was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB Panic on malformed input High
GHSA-wjxc-pjx9-4wvm was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB node panics when processing a block which parent timestamp is too new High
GHSA-hjqq-29pw-96wj was published for ckb (Rust) Feb 2, 2024
Any authenticated user may obtain private message details from other users on the same instance High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024
Nothing4You
Multiple issues involving quote API in shlex High
GHSA-r7qv-8r2h-pg27 was published for shlex (Rust) Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface High
GHSA-58j9-j2fj-v8f4 was published for surrealdb (Rust) Jan 19, 2024
Uncaught Exception processing HTTP Headers in SurrealDB High
GHSA-m24x-r6q3-2vp9 was published for surrealdb (Rust) Jan 18, 2024
Tu0Laj1
ProTip! Advisories are also available from the GraphQL API