
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

339 advisories

tower-http's improper validation of Windows paths could lead to directory traversal attack High
GHSA-qrqq-9c63-xfrg was published for tower-http (Rust) Aug 11, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU High
CVE-2022-35724 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash High
CVE-2022-36125 was published for apache-avro (Rust) Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
`libsqlite3-sys` via C SQLite improperly validates array index High
CVE-2022-35737 was published for libsqlite3-sys (Rust) Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs High
CVE-2022-31162 was published for slack-morphism (Rust) Jul 20, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s High
GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) Jun 17, 2022 withdrawn
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state` High
GHSA-3pp4-64mp-9cg9 was published for tremor-script (Rust) Jun 17, 2022
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate) High
GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust) Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
Incorrect Lifetime Bounds on Closures in `rusqlite` High
GHSA-q89g-4vhh-mvvm was published for rusqlite (Rust) Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory High
GHSA-9c9f-7x9p-4wqp was published for qcell (Rust) Jun 17, 2022
Window can read out of bounds if Read instance returns more bytes than buffer size High
GHSA-q579-9wp9-gfp2 was published for rdiff (Rust) Jun 17, 2022
Out-of-bounds write in nix::unistd::getgrouplist High
GHSA-wgrg-5h56-jg27 was published for nix (Rust) Jun 17, 2022
Use after free in Neon external buffers High
GHSA-8mj7-wxmc-f424 was published for neon (Rust) Jun 17, 2022
`mopa` is technically unsound High
GHSA-8mv5-7x95-7wcf was published for mopa (Rust) Jun 17, 2022
Deserialization functions pass uninitialized memory to user-provided Read High
GHSA-m325-rxjv-pwph was published for messagepack-rs (Rust) Jun 17, 2022
Use after free in lru crate High
GHSA-qqmc-hwqp-8g2w was published for lru (Rust) Jun 17, 2022
Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord` High
GHSA-wc36-xgcc-jwpr was published for libp2p-core (Rust) Jun 17, 2022
Parser creates invalid uninitialized value High
GHSA-f67m-9j94-qv9j was published for hyper (Rust) Jun 16, 2022