GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
776 advisories
Filter by severity
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Rust EVM erroneousle handles `record_external_operation` error return
Moderate
CVE-2024-21629
was published
for
evm
(Rust)
Jan 3, 2024
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
Remotely exploitable denial of service in Rosenpass
High
GHSA-6ggr-cwv4-g7qg
was published
for
rosenpass
(Rust)
Dec 21, 2023
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Moderate
GHSA-r24f-hg58-vfrw
was published
for
unsafe-libyaml
(Rust)
Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
Zerocopy: Some Ref methods are unsound with some type parameters
Moderate
GHSA-rjhf-4mh8-9xjq
was published
for
zerocopy
(Rust)
Dec 18, 2023
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
Full Table Permissions by Default
High
GHSA-x5fr-7hhj-34j3
was published
for
surrealdb
(Rust)
Dec 15, 2023
Unbounded queuing of path validation messages in cloudflare-quiche
Moderate
CVE-2023-6193
was published
for
quiche
(Rust)
Dec 13, 2023
Wasmer filesystem sandbox not enforced
High
CVE-2023-51661
was published
for
wasmer-cli
(Rust)
Dec 13, 2023
Candid infinite decoding loop through specially crafted payload
High
CVE-2023-6245
was published
for
candid
(Rust)
Dec 8, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
tokio-boring vulnerable to resource exhaustion via memory leak
Moderate
CVE-2023-6180
was published
for
tokio-boring
(Rust)
Dec 5, 2023
Environment variables still accessible through /proc
Moderate
GHSA-wj7f-468m-6mv8
was published
for
birdcage
(Rust)
Dec 1, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
GHSA-4grx-2x9w-596c
was published
for
rsa
(Rust)
Nov 28, 2023
`openssl` `X509StoreRef::objects` is unsound
Moderate
GHSA-xphf-cx8h-7q9g
was published
for
openssl
(Rust)
Nov 28, 2023
Insufficient covariance check makes self_cell unsound
High
GHSA-48m6-wm5p-rr6h
was published
for
self_cell
(Rust)
Nov 14, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
ProTip!
Advisories are also available from the
GraphQL API