GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,034
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
            117 advisories
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Low | CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021
                    
Chrono has potential segfault issue in SPIFFE authenticator
Low | GHSA-45w3-v3g4-54pm was published for parsec-service (Rust) Feb 11, 2022
                    
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Low | CVE-2022-27814 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
                    
Threshold value is ignored (all shares are n=3)
Low | GHSA-978j-88f3-p5j3 was published for shamir (Rust) Jun 17, 2022
                    
Cargo extracting malicious crates can corrupt arbitrary files
Low | CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
                    
ansi_term is Unmaintained
Low | GHSA-74w3-p89x-ffgh was published for ansi_term (Rust) Sep 16, 2022 • withdrawn
                    
personnummer/rust vulnerable to Improper Input Validation
Low | GHSA-28r9-pq4c-wp3c was published for personnummer (Rust) Sep 21, 2022
                    
Tauri Filesystem Scope can be Partially Bypassed
Low | CVE-2022-41874 was published for Tauri (Rust) Nov 8, 2022
                    
linux-loader reading beyond EOF could lead to infinite loop
Low | CVE-2022-23523 was published for linux-loader (Rust) Dec 12, 2022
                    
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Low | GHSA-4q83-7cq4-p6wg was published for tokio (Rust) Feb 4, 2023
                    
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Low | GHSA-fjj4-2q73-jvgc was published for ckb (Rust) Feb 8, 2023
                    
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Low | GHSA-p2gm-ffr3-w2xw was published for ckb (Rust) Feb 8, 2023
                    
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low | GHSA-mc8h-8q98-g5hr was published for remove_dir_all (Rust) Feb 24, 2023
                    
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Low | CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
                    
Undefined Behavior in Rust runtime functions
Low | CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
                    
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Low | CVE-2023-53160 was published for sequoia-openpgp (Rust) Jun 6, 2023
                    
buffered-reader vulnerable to out-of-bounds array access leading to panic
Low | CVE-2023-53161 was published for buffered-reader (Rust) Jun 6, 2023
                    
git-url-parse crate vulnerable to Regular Expression Denial of Service
Low | CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
                    
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low | GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
                    
Potential denial of service after connection migration
Low | GHSA-rfhg-rjfp-9q8q was published for s2n-quic (Rust) Jul 24, 2023
                    
Unsoundness in `intern` methods on `intaglio` symbol interners
Low | GHSA-gch5-hwqf-mxhp was published for intaglio (Rust) Jul 27, 2023
                    
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low | CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
                    
ntpd has Dependency on Vulnerable Third-Party Component
Low | GHSA-37xq-q42p-rv3p was published for ntpd (Rust) Aug 24, 2023
        
ProTip! Advisories are also available from the GraphQL API.