Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

275 advisories

Loading
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
00xc
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending Moderate
CVE-2023-30610 was published for aws-sigv4 (Rust) Apr 26, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites Moderate
CVE-2023-31134 was published for tauri (Rust) May 3, 2023
Stored cross site scripting in Microbin Moderate
CVE-2023-27075 was published for microbin (Rust) May 4, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service Moderate
CVE-2023-41317 was published for apollo-router (Rust) Sep 7, 2023
nmoutschen abernix
o0Ignition0o BrynCooke peakematt jasonbarnett667 Geal
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles Moderate
CVE-2023-34460 was published for tauri (Rust) Jun 21, 2023
tillmann-crabnebula chip-crabnebula
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse Moderate
GHSA-6878-6wc2-pf5h was published for cocoon (Rust) Oct 24, 2023
Parsing borsh messages with ZST which are not-copy/clone is unsound Moderate
GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) Apr 17, 2023
Reference counting error in pyo3 Moderate
CVE-2020-35917 was published for pyo3 (Rust) Aug 25, 2021
tdunlap607
Users vulnerable to unaligned read of `*const *const c_char` pointer Moderate
GHSA-jcr6-4frq-9gjj was published for users (Rust) Sep 11, 2023
Inventory exposes reference to non-Sync data to an arbitrary thread Moderate
GHSA-36xm-35qq-795w was published for inventory (Rust) Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime Moderate
GHSA-ghc8-5cgm-5rpf was published for inventory (Rust) Sep 11, 2023
openssl-src NULL pointer Dereference in signature_algorithms processing Moderate
CVE-2021-3449 was published for openssl-src (Rust) Aug 25, 2021
another-rex
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value` Moderate
GHSA-5m39-wx2q-mxg3 was published for lzf (Rust) Nov 8, 2022
mail-internals use-after-free vulnerability in `vec_insert_bytes` Moderate
GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) Aug 24, 2023
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
`ed25519-dalek` Double Public Key Signing Function Oracle Attack Moderate
GHSA-w5vr-6qhr-36cc was published for ed25519-dalek (Rust) Aug 14, 2023
Cargo extracting malicious crates can fill the file system Moderate
CVE-2022-36114 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
impl `FromMdbValue` for bool is unsound Moderate
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) Jul 19, 2023
Transaction validity oversight in pallet-ethereum Moderate
CVE-2021-39193 was published for frontier (Rust) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API