GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
872 advisories
Filter by severity
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Moderate
CVE-2024-4435
was published
for
ic-stable-structures
(Rust)
May 21, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Tor path lengths too short when "full Vanguards" configured
Moderate
CVE-2024-35313
was published
for
arti
(Rust)
May 18, 2024
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Moderate
CVE-2024-34353
was published
for
matrix-sdk-crypto
(Rust)
May 13, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
vodozemac has degraded secret zeroization capabilities
Low
CVE-2024-34063
was published
for
vodozemac
(Rust)
May 3, 2024
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Critical
CVE-2024-32971
was published
for
apollo-router
(Rust)
May 2, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
CosmWasm affected by arithmetic overflows
Low
GHSA-8724-5xmm-w5xq
was published
for
cosmwasm-std
(Rust)
Apr 24, 2024
Denial of Service Vulnerability in Rustls Library
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Moderate
GHSA-mc39-h54g-pvw6
was published
for
libdav1d-sys
(Rust)
Apr 5, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects
High
GHSA-xfhw-6mc4-mgxf
was published
for
crayon
(Rust)
Apr 5, 2024
whoami stack buffer overflow on several Unix platforms
High
GHSA-w5w5-8vfh-xcjq
was published
for
whoami
(Rust)
Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast
High
GHSA-4v52-7q2x-v4xj
was published
for
eyre
(Rust)
Apr 5, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free
High
CVE-2024-27284
was published
for
cassandra-cpp
(Rust)
Apr 5, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
aliyundrive-webdav vulnerable to Command Injection
High
CVE-2024-29640
was published
for
aliyundrive-webdav
(pip)
Mar 29, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API