Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
MutexGuard::map can cause a data race in safe code Moderate
CVE-2020-35905 was published for futures-util (Rust) May 24, 2022
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer Moderate
CVE-2020-35907 was published for futures-task (Rust) May 24, 2022
`net2` invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35919 was published for net2 (Rust) May 24, 2022
Async-h1 request smuggling possible with long unread bodies Moderate
CVE-2020-36202 was published for async-h1 (Rust) May 24, 2022
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver Moderate
CVE-2021-20332 was published for mongodb (Rust) May 24, 2022
alex-semenyuk richardfan0606
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
`MsQueue` `push`/`pop` use the wrong orderings Moderate
GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) Jun 8, 2022
Library exclusively intended to obfuscate code. Moderate
GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) Jun 16, 2022
Space bug in `clean_text` Moderate
GHSA-p2g9-94wh-65c2 was published for ammonia (Rust) Jun 16, 2022
tdunlap607
`array!` macro is unsound in presence of traits that implement methods it calls internally Moderate
GHSA-83gg-pwxf-jr89 was published for array-macro (Rust) Jun 16, 2022
KamilaBorowska
`array!` macro is unsound when its length is impure constant Moderate
GHSA-7v4j-8wvr-v55r was published for array-macro (Rust) Jun 16, 2022
KamilaBorowska
Potential segfault in `localtime_r` invocations Moderate
GHSA-cqpr-pcm7-m3jc was published for chrono (Rust) Jun 16, 2022 withdrawn
KamilaBorowska penberg
`SegQueue` creates zero value of any type Moderate
GHSA-6888-wf7j-34jq was published for crossbeam-queue (Rust) Jun 16, 2022
`SegQueue` creates zero value of any type Moderate
GHSA-8gj8-hv75-gp94 was published for crossbeam (Rust) Jun 16, 2022
QueryInterface should call AddRef before returning pointer Moderate
GHSA-9rg7-3j4f-cf4x was published for derive-com-impl (Rust) Jun 16, 2022
AtomicBucket<T> unconditionally implements Send/Sync Moderate
GHSA-3hxh-7jxm-59x4 was published for metrics-util (Rust) Jun 17, 2022
Aliased mutable references from `tls_rand` & `TlsWyRand` Moderate
GHSA-p6gj-gpc8-f8xw was published for nanorand (Rust) Jun 17, 2022
Optional `Deserialize` implementations lacking validation Moderate
GHSA-jf5h-cf95-w759 was published for raw-cpuid (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON Moderate
GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) Jun 17, 2022
Panic on incorrect date input to `simple_asn1` Moderate
GHSA-3m6f-3gfg-4x56 was published for simple_asn1 (Rust) Jun 17, 2022
saethlin
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
vec-const attempts to construct a Vec from a pointer to a const slice Moderate
GHSA-jmwx-r3gq-qq3p was published for vec-const (Rust) Jun 17, 2022
Use After Free in Context::start_auth_session Moderate
GHSA-w3vw-ccc5-qr8v was published for tss-esapi (Rust) Jun 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database