Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
Credited to another-rex
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability Moderate
GHSA-grjp-54v3-c442 was published for usd-core (pip) Oct 29, 2025
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults High
CVE-2025-54588 was published for github.com/envoyproxy/envoy (Go) Sep 15, 2025
agrawroh yanavlasov
phlax botengyao
Credited to agrawroh, yanavlasov, phlax, and botengyao
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution Critical
GHSA-58p5-r2f6-g2cj was published for usd-core (pip) Sep 4, 2025
bshyuunn
Credited to bshyuunn
Reverb use after free vulnerability Moderate
CVE-2024-8375 was published for dm-reverb (pip) Sep 19, 2024
pycares has a Use-After-Free Vulnerability Moderate
GHSA-5qpg-rh4j-qp35 was published for pycares (pip) Jun 16, 2025
vEpiphyte
Credited to vEpiphyte
Pytorch use-after-free vulnerability High
CVE-2024-31583 was published for torch (pip) Apr 17, 2024
levpachmanov
Credited to levpachmanov
Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader Moderate
GHSA-vcc3-rw6f-jv97 was published for nokogiri (RubyGems) Mar 18, 2024 withdrawn
postmodern
Credited to postmodern
Process Sync has a Potential Unsound Issue in SharedMutex Low
CVE-2025-48752 was published for process-sync (Rust) May 24, 2025
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
Credited to yoshizawa-masatoshi and lumaxis
Use after free in actix-service Moderate
CVE-2020-35899 was published for actix-service (Rust) Aug 25, 2021
AnonySE26
Credited to AnonySE26
Use-after-free in actix-codec Critical
CVE-2020-35902 was published for actix-codec (Rust) Aug 25, 2021
AnonySE26
Credited to AnonySE26
Use after free in actix-utils Critical
CVE-2020-35898 was published for actix-utils (Rust) Aug 25, 2021
AnonySE26
Credited to AnonySE26
macroquad vulnerable to multiple soundness issues High
GHSA-gg76-hg3v-5q6c was published for macroquad (Rust) May 15, 2025
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability High
CVE-2024-38229 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Oct 8, 2024
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability Critical
CVE-2024-35264 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Jul 9, 2024
diplib Double Free Moderate
CVE-2021-39432 was published for diplib (pip) Nov 4, 2022
Wasmtime vulnerable to Use After Free with `externref`s Moderate
CVE-2022-31146 was published for cranelift-codegen (Rust) Jul 20, 2022
alexcrichton fitzgen
jameysharp
Credited to alexcrichton, fitzgen, and jameysharp
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Credited to fitzgen and cfallin
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
Credited to CastleQuirm, kw217, angusi, and bossmc
pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints Moderate
GHSA-vgmh-mqm4-8j88 was published for pared (Rust) Mar 24, 2025
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs High
GHSA-mrxw-mxhj-p664 was published for nokogiri (RubyGems) Mar 14, 2025
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-vvfq-8hwr-qm4m was published for nokogiri (RubyGems) Feb 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database