Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

63 advisories

Loading
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP Low
GHSA-pr39-8257-fxc2 was published for ckb (Rust) Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability Low
CVE-2022-39394 was published for wasmtime (Rust) Feb 1, 2024
kpreisser
ferris-says has undefined behavior when not using UTF-8 Low
GHSA-v363-rrf2-5fmj was published for ferris-says (Rust) Jan 17, 2024
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
s2n-quic potential denial of service via crafted stream frames Low
GHSA-475v-pq2g-fp9g was published for s2n-quic (Rust) Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
techport-om rrrodzilla
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 Low
CVE-2023-41880 was published for wasmtime (Rust) Sep 14, 2023
afonso360
Multiple soundness issues in lexical Low
GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) Sep 4, 2023
ntpd has Dependency on Vulnerable Third-Party Component Low
GHSA-37xq-q42p-rv3p was published for ntpd (Rust) Aug 24, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports Low
CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
pietroalbini cuviper
remkop22 ehuss weihanglo Manishearth
Unsoundness in `intern` methods on `intaglio` symbol interners Low
GHSA-gch5-hwqf-mxhp was published for intaglio (Rust) Jul 27, 2023
Potential denial of service after connection migration Low
GHSA-rfhg-rjfp-9q8q was published for s2n-quic (Rust) Jul 24, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log
atty potential unaligned read Low
GHSA-g98v-hv3f-hcfr was published for atty (Rust) Jun 30, 2023
SamirTalwar typecasto
git-url-parse crate vulnerable to Regular Expression Denial of Service Low
CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic Low
GHSA-29mf-62xx-28jq was published for buffered-reader (Rust) Jun 6, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
GHSA-25mx-8f3v-8wh7 was published for sequoia-openpgp (Rust) Jun 6, 2023
Undefined Behavior in Rust runtime functions Low
CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
guidovranken alexcrichton
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64 Low
CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
afonso360
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
ProTip! Advisories are also available from the GraphQL API