GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Mio's tokens for named pipes may be delivered after deregistration
High
CVE-2024-27308
was published
for
mio
(Rust)
Mar 4, 2024
eza Potential Heap Overflow Vulnerability for AArch64
High
CVE-2024-25817
was published
for
eza
(Rust)
Feb 8, 2024
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service
High
CVE-2019-25008
was published
for
http
(Rust)
Jun 16, 2022
•
withdrawn
Externally Controlled Format String in Scripting Functions
High
GHSA-q3gg-m8hr-h4x4
was published
for
surrealdb
(Rust)
Feb 21, 2024
Tungstenite allows remote attackers to cause a denial of service
High
CVE-2023-43669
was published
for
tungstenite
(Rust)
Sep 21, 2023
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
High
GHSA-22q8-ghmq-63vf
was published
for
libgit2-sys
(Rust)
Feb 12, 2024
serde-json-wasm stack overflow during recursive JSON parsing
High
GHSA-rr69-rxr6-8qwf
was published
for
serde-json-wasm
(Rust)
Feb 9, 2024
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
High
CVE-2023-0216
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex`
High
CVE-2022-4450
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key
High
CVE-2023-0217
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification
High
CVE-2023-0401
was published
for
openssl-src
(Rust)
Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels
High
CVE-2023-0286
was published
for
cryptography
(pip)
Feb 8, 2023
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
High
CVE-2022-3358
was published
for
openssl-src
(Rust)
Oct 11, 2022
Nervos CKB Snappy decompress length can be very large and causes out of memory error
High
GHSA-3gjh-29fv-8hr6
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Panic on malformed input
High
GHSA-wjxc-pjx9-4wvm
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB node panics when processing a block which parent timestamp is too new
High
GHSA-hjqq-29pw-96wj
was published
for
ckb
(Rust)
Feb 2, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649
was published
for
lemmy_server
(Rust)
Jan 24, 2024
Multiple issues involving quote API in shlex
High
GHSA-r7qv-8r2h-pg27
was published
for
shlex
(Rust)
Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API