GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Low
CVE-2021-32715
was published
for
hyper
(Rust)
Jul 12, 2021
Chrono has potential segfault issue in SPIFFE authenticator
Low
GHSA-45w3-v3g4-54pm
was published
for
parsec-service
(Rust)
Feb 11, 2022
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Low
CVE-2022-27814
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 15, 2022
Threshold value is ignored (all shares are n=3)
Low
GHSA-978j-88f3-p5j3
was published
for
shamir
(Rust)
Jun 17, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
ansi_term is Unmaintained
Low
GHSA-74w3-p89x-ffgh
was published
for
ansi_term
(Rust)
Sep 16, 2022
•
withdrawn
personnummer/rust vulnerable to Improper Input Validation
Low
GHSA-28r9-pq4c-wp3c
was published
for
personnummer
(Rust)
Sep 21, 2022
Tauri Filesystem Scope can be Partially Bypassed
Low
CVE-2022-41874
was published
for
Tauri
(Rust)
Nov 8, 2022
linux-loader reading beyond EOF could lead to infinite loop
Low
CVE-2022-23523
was published
for
linux-loader
(Rust)
Dec 12, 2022
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Low
GHSA-4q83-7cq4-p6wg
was published
for
tokio
(Rust)
Feb 4, 2023
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Low
GHSA-fjj4-2q73-jvgc
was published
for
ckb
(Rust)
Feb 8, 2023
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Low
GHSA-p2gm-ffr3-w2xw
was published
for
ckb
(Rust)
Feb 8, 2023
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Low
CVE-2023-27477
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
Undefined Behavior in Rust runtime functions
Low
CVE-2023-30624
was published
for
wasmtime
(Rust)
Apr 27, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low
GHSA-25mx-8f3v-8wh7
was published
for
sequoia-openpgp
(Rust)
Jun 6, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic
Low
GHSA-29mf-62xx-28jq
was published
for
buffered-reader
(Rust)
Jun 6, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service
Low
CVE-2023-33290
was published
for
git-url-parse
(Rust)
Jun 12, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
Potential denial of service after connection migration
Low
GHSA-rfhg-rjfp-9q8q
was published
for
s2n-quic
(Rust)
Jul 24, 2023
Unsoundness in `intern` methods on `intaglio` symbol interners
Low
GHSA-gch5-hwqf-mxhp
was published
for
intaglio
(Rust)
Jul 27, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
ntpd has Dependency on Vulnerable Third-Party Component
Low
GHSA-37xq-q42p-rv3p
was published
for
ntpd
(Rust)
Aug 24, 2023
ProTip!
Advisories are also available from the
GraphQL API