Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

307 advisories

Loading
`ed25519-dalek` Double Public Key Signing Function Oracle Attack Moderate
GHSA-w5vr-6qhr-36cc was published for ed25519-dalek (Rust) Aug 14, 2023
mail-internals use-after-free vulnerability in `vec_insert_bytes` Moderate
GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) Aug 24, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service Moderate
CVE-2023-41317 was published for apollo-router (Rust) Sep 7, 2023
nmoutschen abernix
o0Ignition0o BrynCooke peakematt jasonbarnett667 Geal
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime Moderate
GHSA-ghc8-5cgm-5rpf was published for inventory (Rust) Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer Moderate
GHSA-jcr6-4frq-9gjj was published for users (Rust) Sep 11, 2023
Inventory exposes reference to non-Sync data to an arbitrary thread Moderate
GHSA-36xm-35qq-795w was published for inventory (Rust) Sep 11, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
gix-transport code execution vulnerability Moderate
GHSA-rrjw-j4m2-mf34 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion Moderate
CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023
cyqsimon sigmaSd
popey
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse Moderate
GHSA-6878-6wc2-pf5h was published for cocoon (Rust) Oct 24, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
`openssl` `X509StoreRef::objects` is unsound Moderate
GHSA-xphf-cx8h-7q9g was published for openssl (Rust) Nov 28, 2023
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
Environment variables still accessible through /proc Moderate
GHSA-wj7f-468m-6mv8 was published for birdcage (Rust) Dec 1, 2023
tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Unbounded queuing of path validation messages in cloudflare-quiche Moderate
CVE-2023-6193 was published for quiche (Rust) Dec 13, 2023
LPardue marten-seemann
Zerocopy: Some Ref methods are unsound with some type parameters Moderate
GHSA-rjhf-4mh8-9xjq was published for zerocopy (Rust) Dec 18, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms Moderate
GHSA-r24f-hg58-vfrw was published for unsafe-libyaml (Rust) Dec 21, 2023
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access Moderate
CVE-2023-50711 was published for vmm-sys-util (Rust) Jan 2, 2024
bchalios
Rust EVM erroneousle handles `record_external_operation` error return Moderate
CVE-2024-21629 was published for evm (Rust) Jan 3, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database