GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
Improper handling of NTS cookie length that could crash the ntpd-rs server
High
CVE-2023-33192
was published
for
ntpd
(Rust)
May 25, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization
High
CVE-2023-28446
was published
for
deno
(Rust)
Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
High
GHSA-9qwg-crg9-m2vc
was published
for
openssl
(Rust)
Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
High
GHSA-6hcf-g6gr-hhcr
was published
for
openssl
(Rust)
Mar 24, 2023
Frontier's modexp precompile is slow for even modulus
High
CVE-2023-28431
was published
for
pallet-evm-precompile-modexp
(Rust)
Mar 21, 2023
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
High
GHSA-xr9w-x6gw-c9mj
was published
for
deno
(Rust)
Feb 25, 2023
•
withdrawn
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
High
CVE-2023-0215
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
High
CVE-2023-0216
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex`
High
CVE-2022-4450
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src subject to NULL dereference validating DSA public key
High
CVE-2023-0217
was published
for
openssl-src
(Rust)
Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification
High
CVE-2023-0401
was published
for
openssl-src
(Rust)
Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels
High
CVE-2023-0286
was published
for
cryptography
(pip)
Feb 8, 2023
Warp vulnerable to Path Traversal via Improper validation of Windows paths
High
GHSA-8v4j-7jgf-5rg9
was published
for
warp
(Rust)
Jan 31, 2023
Deno is vulnerable to race condition via interactive permission prompt spoofing
High
CVE-2023-22499
was published
for
deno
(Rust)
Jan 20, 2023
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
High
CVE-2023-22895
was published
for
bzip2
(Rust)
Jan 10, 2023
Denial of service by double-checked locking in openssl-src
High
CVE-2022-3996
was published
for
openssl-src
(Rust)
Dec 13, 2022
Creator Verification Error when Bubblegum Activate
High
GHSA-8r76-fr72-j32w
was published
for
mpl-bubblegum
(Rust)
Dec 12, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23486
was published
for
libp2p
(Rust)
Dec 7, 2022
Wasmtime may have data leakage between instances in the pooling allocator
High
CVE-2022-39393
was published
for
wasmtime
(Rust)
Nov 10, 2022
ckb type_id script resume may randomly fail
High
GHSA-mcmr-49x3-4jqm
was published
for
ckb
(Rust)
Nov 2, 2022
X.509 Email Address Variable Length Buffer Overflow
High
CVE-2022-3786
was published
for
openssl-src
(Rust)
Nov 1, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length
High
CVE-2022-39294
was published
for
conduit-hyper
(Rust)
Oct 31, 2022
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
High
CVE-2022-3358
was published
for
openssl-src
(Rust)
Oct 11, 2022
Exposure of sensitive Slack webhook URLs in debug logs and traces
High
CVE-2022-39292
was published
for
slack-morphism
(Rust)
Oct 10, 2022
WASM3 Improper Input Validation vulnerability
High
CVE-2022-39974
was published
for
pywasm3
(pip)
Sep 21, 2022
ProTip!
Advisories are also available from the
GraphQL API