GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
PQClean has a correctness error in HQC decapsulation
High
GHSA-753p-wrj5-g8fj
was published
for
pqcrypto-hqc
(Rust)
Dec 11, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
sccache vulnerable to privilege escalation if server is run as root
High
CVE-2023-1521
was published
for
sccache
(Rust)
May 30, 2023
Memory access due to code generation flaw in Cranelift module
High
CVE-2021-32629
was published
for
cranelift-codegen
(pip)
Aug 25, 2021
gix-path can use a fake program files location
High
CVE-2024-40644
was published
for
gix-path
(Rust)
Jul 18, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Frontier's modexp precompile is slow for even modulus
High
CVE-2023-28431
was published
for
pallet-evm-precompile-modexp
(Rust)
Mar 21, 2023
Improper Authorization in Select Permissions
High
GHSA-9722-9j67-vjcr
was published
for
surrealdb
(Rust)
Oct 8, 2024
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
High
GHSA-qjrv-v6qp-x99x
was published
for
surrealdb
(Rust)
Oct 8, 2024
async-graphql Directive Overload
High
CVE-2024-47614
was published
for
async-graphql
(Rust)
Oct 3, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Denial of service by double-checked locking in openssl-src
High
CVE-2022-3996
was published
for
openssl-src
(Rust)
Dec 13, 2022
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
High
CVE-2024-41815
was published
for
starship
(Rust)
Jul 26, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
Pleaser privilege escalation vulnerability
High
CVE-2023-46277
was published
for
pleaser
(Rust)
Oct 20, 2023
Untrusted Query Object Evaluation in RPC API
High
GHSA-64f8-pjgr-9wmr
was published
for
surrealdb
(Rust)
Sep 11, 2024
BER/CER/DER decoder panics on invalid input
High
CVE-2023-39914
was published
for
bcder
(Rust)
Sep 13, 2023
Denial of service in quinn-proto when using `Endpoint::retry()`
High
CVE-2024-45311
was published
for
quinn-proto
(Rust)
Sep 3, 2024
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
High
CVE-2024-7884
was published
for
ic_cdk
(Rust)
Sep 5, 2024
Missing connection timeout in Aardvark-dns
High
CVE-2024-8418
was published
for
aardvark-dns
(Rust)
Sep 4, 2024
olm-sys: wrapped library unmaintained, potentially vulnerable
High
GHSA-p2q9-36vw-c468
was published
for
olm-sys
(Rust)
Sep 3, 2024
Cargo prior to Rust 1.26.0 may download the wrong dependency
High
CVE-2019-16760
was published
for
cargo
(Rust)
May 24, 2022
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
High
CVE-2024-43783
was published
for
apollo-router
(Rust)
Aug 27, 2024
ProTip!
Advisories are also available from the
GraphQL API