GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
zstd vulnerable to buffer overrun
High
CVE-2022-4899
was published
for
github.com/facebook/zstd
(pip)
Mar 31, 2023
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
yyjson has a Double Free vulnerability
High
CVE-2024-25713
was published
for
github.com/ibireme/yyjson
(Swift)
Feb 29, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050
was published
for
github.com/mongodb/mongo-swift-driver
(Composer)
Aug 29, 2023
SwiftTerm Code Injection vulnerability
High
CVE-2022-23465
was published
for
github.com/migueldeicaza/SwiftTerm
(Swift)
Jul 14, 2023
Denial of Service via reachable assertion
High
CVE-2022-24777
was published
for
github.com/grpc/grpc-swift
(Swift)
Jun 9, 2023
Denial of service via HTTP/2 HEADERS frames padding
High
CVE-2022-0618
was published
for
github.com/apple/swift-nio-http2
(Swift)
Jun 9, 2023
Path traversal in ZIPFoundation
High
CVE-2023-39138
was published
for
github.com/weichsel/ZIPFoundation
(Swift)
Aug 31, 2023
Path traversal in Zip Swift
High
CVE-2023-39135
was published
for
github.com/marmelroy/Zip
(Swift)
Aug 31, 2023
Vapor's incorrect request error handling triggers server crash
Moderate
CVE-2023-44386
was published
for
github.com/vapor/vapor
(Swift)
Oct 5, 2023
Vapor contains an integer overflow in URI leading to potential host spoofing
Moderate
CVE-2024-21631
was published
for
github.com/vapor/vapor
(Swift)
Jan 3, 2024
PostgresNIO processes unencrypted bytes from man-in-the-middle
Low
CVE-2023-31136
was published
for
github.com/vapor/postgres-nio
(Swift)
May 10, 2023
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
High
CVE-2022-24666
was published
for
github.com/apple/swift-nio-http2
(Swift)
May 18, 2023
Vapor vulnerable to denial of service in URLEncodedFormDecoder
High
CVE-2022-31019
was published
for
github.com/vapor/vapor
(Swift)
Jun 7, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
High
GHSA-pv7r-9vjg-g3f9
was published
for
github.com/apple/swift-nio-http2
(Swift)
Feb 11, 2022
•
withdrawn
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
High
CVE-2022-24667
was published
for
github.com/apple/swift-nio-http2
(Swift)
May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
High
GHSA-wfvq-p7qf-vv64
was published
for
github.com/apple/swift-nio-http2
(Swift)
Feb 11, 2022
•
withdrawn
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
High
CVE-2022-24668
was published
for
github.com/apple/swift-nio-http2
(Swift)
May 18, 2023
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
High
GHSA-gpgx-whwh-r297
was published
for
github.com/apple/swift-nio-http2
(Swift)
Feb 11, 2022
•
withdrawn
Arbitrary file read using percent-encoded relative paths in FileMiddleware
Moderate
CVE-2020-15230
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
Vapor's Metrics integration could cause a system drain
Moderate
CVE-2021-21328
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
Moderate
CVE-2021-32742
was published
for
github.com/vapor/vapor
(Swift)
Jun 9, 2023
ProTip!
Advisories are also available from the
GraphQL API