GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
339 advisories
Filter by severity
tower-http's improper validation of Windows paths could lead to directory traversal attack
High
GHSA-qrqq-9c63-xfrg
was published
for
tower-http
(Rust)
Aug 11, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
High
CVE-2022-35724
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash
High
CVE-2022-36125
was published
for
apache-avro
(Rust)
Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
`libsqlite3-sys` via C SQLite improperly validates array index
High
CVE-2022-35737
was published
for
libsqlite3-sys
(Rust)
Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
High
GHSA-3pp4-64mp-9cg9
was published
for
tremor-script
(Rust)
Jun 17, 2022
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
High
GHSA-6692-8qqf-79jc
was published
for
tectonic_xdv
(Rust)
Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
Incorrect Lifetime Bounds on Closures in `rusqlite`
High
GHSA-q89g-4vhh-mvvm
was published
for
rusqlite
(Rust)
Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
Window can read out of bounds if Read instance returns more bytes than buffer size
High
GHSA-q579-9wp9-gfp2
was published
for
rdiff
(Rust)
Jun 17, 2022
Out-of-bounds write in nix::unistd::getgrouplist
High
GHSA-wgrg-5h56-jg27
was published
for
nix
(Rust)
Jun 17, 2022
Use after free in Neon external buffers
High
GHSA-8mj7-wxmc-f424
was published
for
neon
(Rust)
Jun 17, 2022
Deserialization functions pass uninitialized memory to user-provided Read
High
GHSA-m325-rxjv-pwph
was published
for
messagepack-rs
(Rust)
Jun 17, 2022
Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`
High
GHSA-wc36-xgcc-jwpr
was published
for
libp2p-core
(Rust)
Jun 17, 2022
Parser creates invalid uninitialized value
High
GHSA-f67m-9j94-qv9j
was published
for
hyper
(Rust)
Jun 16, 2022
ProTip!
Advisories are also available from the
GraphQL API