Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

284 advisories

Loading
h2 vulnerable to denial of service Moderate
CVE-2023-26964 was published for h2 (Rust) Apr 11, 2023
FirelightFlagboy seanmonstar
KisaragiEffective JohnTitor
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area Moderate
GHSA-fq33-vmhv-48xh was published for ntru (Rust) Apr 7, 2023
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers Moderate
GHSA-2qv5-7mw5-j3cg was published for spin (Rust) Apr 3, 2023
Regular Expression Denial of Service in Deno.upgradeWebSocket API Moderate
CVE-2023-26103 was published for deno (Rust) Apr 3, 2023
dellalibera
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
darakian
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
async-nats vulnerable to TLS certificate common name validation bypass Moderate
GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust) Mar 24, 2023
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8 Moderate
GHSA-255r-3prx-mf99 was published for rmp-serde (Rust) Mar 22, 2023
NULL pointer derefernce in `stb_image` Moderate
GHSA-ppjr-267j-5p9x was published for stb_image (Rust) Mar 20, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
`out_reference::Out::from_raw` should be `unsafe` Moderate
GHSA-p7mj-xvxg-grff was published for out-reference (Rust) Mar 13, 2023
Maligned causes incorrect deallocation Moderate
GHSA-wm8x-php5-hvq6 was published for maligned (Rust) Mar 7, 2023
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
Ascii (crate) allows out-of-bounds array indexing in safe code Moderate
GHSA-mrrw-grhq-86gf was published for ascii (Rust) Feb 28, 2023
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2 Moderate
GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust) Feb 14, 2023
`pnet_packet` buffer overrun in `set_payload` setters Moderate
GHSA-cf4g-fcf8-3cr9 was published for pnet_packet (Rust) Feb 9, 2023
openssl-src subject to Timing Oracle in RSA Decryption Moderate
CVE-2022-4304 was published for openssl-src (Rust) Feb 8, 2023
another-rex
git2-rs fails to verify SSH keys by default Moderate
GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) Jan 20, 2023
ELF header parsing library doesn't check for valid offset Moderate
GHSA-g6pw-999w-j75m was published for elf_rs (Rust) Jan 20, 2023
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()` Moderate
GHSA-f85w-wvc7-crwc was published for bumpalo (Rust) Jan 20, 2023
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database