GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
owning_ref vulnerable to multiple soundness issues
Moderate
GHSA-9qxh-258v-666c
was published
for
owning_ref
(Rust)
Aug 10, 2022
matrix-sdk 0.6.0 logs access tokens
Moderate
GHSA-fc4h-xcf3-qj5f
was published
for
matrix-sdk
(Rust)
Oct 25, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Moderate
GHSA-hrjv-pf36-jpmr
was published
for
oqs
(Rust)
Aug 18, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate
GHSA-gfgm-chr3-x6px
was published
for
prettytable-rs
(Rust)
Dec 30, 2022
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Moderate
GHSA-9mfc-chwf-7whf
was published
for
ckb
(Rust)
Nov 2, 2022
rocksdb vulnerable to out-of-bounds read
Moderate
GHSA-xpp3-xrff-w6rh
was published
for
rocksdb
(Rust)
Aug 12, 2022
Data races in model
Moderate
GHSA-8q64-wrfr-q48c
was published
for
model
(Rust)
Aug 25, 2021
•
withdrawn
use-after-free vulnerability in Rust array-queue
Moderate
CVE-2020-35900
was published
for
array-queue
(Rust)
Aug 25, 2021
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Moderate
GHSA-jh2g-xhqq-x4w9
was published
for
rcu_cell
(Rust)
Aug 25, 2021
•
withdrawn
Data races in unicycle
Moderate
GHSA-7mg7-m5c3-3hqj
was published
for
unicycle
(Rust)
Aug 25, 2021
•
withdrawn
Singleton lacks bounds on Send and Sync.
Moderate
GHSA-vj88-5667-w56p
was published
for
ruspiro-singleton
(Rust)
Aug 25, 2021
•
withdrawn
Assumed memory layout of std::net::SocketAddr
Moderate
GHSA-p5w9-856p-8q4g
was published
for
socket2
(Rust)
Aug 25, 2021
•
withdrawn
MvccRwLock allows data races & aliasing violations
Moderate
GHSA-mgg8-9pvp-6qcw
was published
for
noise_search
(Rust)
Aug 25, 2021
•
withdrawn
Data races in generator
Moderate
GHSA-h6gg-fvf5-qgwf
was published
for
generator
(Rust)
Aug 25, 2021
•
withdrawn
Unexpected panics in num-bigint
Moderate
GHSA-v935-pqmr-g8v9
was published
for
num-bigint
(Rust)
Nov 3, 2021
VecStorage Deserialize Allows Violation of Length Invariant
Moderate
GHSA-h3mf-4fwp-59c7
was published
for
nalgebra
(Rust)
Aug 5, 2021
•
withdrawn
Queue<T> should have a Send bound on its Send/Sync traits
Moderate
GHSA-v42f-j8fx-99f3
was published
for
scottqueue
(Rust)
Aug 25, 2021
•
withdrawn
Partial read is incorrect in molecule
Moderate
GHSA-82hm-vh7g-hrh9
was published
for
molecule
(Rust)
Aug 25, 2021
smallvec creates uninitialized value of any type
Moderate
GHSA-66p5-j55p-32r9
was published
for
smallvec
(Rust)
Aug 25, 2021
Uncaught Exception in libpulse-binding
Moderate
GHSA-wcxc-jf6c-8rx9
was published
for
libpulse-binding
(Rust)
Aug 25, 2021
Improper synchronization in buttplug
Moderate
CVE-2020-36218
was published
for
buttplug
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API