GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
63 advisories
Filter by severity
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Low
GHSA-pr39-8257-fxc2
was published
for
ckb
(Rust)
Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability
Low
CVE-2022-39394
was published
for
wasmtime
(Rust)
Feb 1, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Low
GHSA-j57r-4qw6-58r3
was published
for
rusty-paseto
(Rust)
Nov 7, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
Multiple soundness issues in lexical
Low
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Low
CVE-2023-41051
was published
for
vm-memory
(Rust)
Sep 4, 2023
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
Unsoundness in `intern` methods on `intaglio` symbol interners
Low
GHSA-gch5-hwqf-mxhp
was published
for
intaglio
(Rust)
Jul 27, 2023
Potential denial of service after connection migration
Low
GHSA-rfhg-rjfp-9q8q
was published
for
s2n-quic
(Rust)
Jul 24, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service
Low
CVE-2023-33290
was published
for
git-url-parse
(Rust)
Jun 12, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic
Low
GHSA-29mf-62xx-28jq
was published
for
buffered-reader
(Rust)
Jun 6, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low
GHSA-25mx-8f3v-8wh7
was published
for
sequoia-openpgp
(Rust)
Jun 6, 2023
Undefined Behavior in Rust runtime functions
Low
CVE-2023-30624
was published
for
wasmtime
(Rust)
Apr 27, 2023
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Low
CVE-2023-27477
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
ProTip!
Advisories are also available from the
GraphQL API