GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

772 advisories

async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan MdotTIM
karimhreda
owning_ref vulnerable to multiple soundness issues Moderate
GHSA-9qxh-258v-666c was published for owning_ref (Rust) Aug 10, 2022
lz4-sys vulnerable to memory corruption via issue in liblz4 Critical
GHSA-9q5j-jm53-v7vr was published for lz4-sys (Rust) Sep 1, 2022
matrix-sdk 0.6.0 logs access tokens Moderate
GHSA-fc4h-xcf3-qj5f was published for matrix-sdk (Rust) Oct 25, 2022
Chrono has potential segfault issue in SPIFFE authenticator Low
GHSA-45w3-v3g4-54pm was published for parsec-service (Rust) Feb 11, 2022
hyper-staticfile's location header incorporates user input, allowing open redirect Moderate
GHSA-5wvv-q5fv-2388 was published for hyper-staticfile (Rust) Dec 30, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken Moderate
GHSA-hrjv-pf36-jpmr was published for oqs (Rust) Aug 18, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior Moderate
GHSA-gfgm-chr3-x6px was published for prettytable-rs (Rust) Dec 30, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
ckb: Transaction header_deps validation issue (network forking) Critical
GHSA-7fw6-6mfj-g3q2 was published for ckb (Rust) Nov 2, 2022
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
Generated code can read and write out of bounds in safe code Critical
GHSA-3jch-9qgp-4844 was published for flatbuffers (Rust) Jun 16, 2022
rocksdb vulnerable to out-of-bounds read Moderate
GHSA-xpp3-xrff-w6rh was published for rocksdb (Rust) Aug 12, 2022
Double free in algorithmica High
CVE-2021-31996 was published for algorithmica (Rust) Aug 25, 2021
WITHDRAWN Moderate
GHSA-8q5c-93vg-c747 was published for toolshed (Rust) Aug 25, 2021 withdrawn
Data races in model Moderate
GHSA-8q64-wrfr-q48c was published for model (Rust) Aug 25, 2021 withdrawn
Double free in endian_trait High
CVE-2021-29929 was published for endian_trait (Rust) Aug 25, 2021
Use after free in rio Critical
CVE-2020-35876 was published for rio (Rust) Aug 25, 2021
use-after-free vulnerability in Rust array-queue Moderate
CVE-2020-35900 was published for array-queue (Rust) Aug 25, 2021
Data races in unicycle Moderate
GHSA-7mg7-m5c3-3hqj was published for unicycle (Rust) Aug 25, 2021 withdrawn
Singleton lacks bounds on Send and Sync. Moderate
GHSA-vj88-5667-w56p was published for ruspiro-singleton (Rust) Aug 25, 2021 withdrawn
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T> Moderate
GHSA-jh2g-xhqq-x4w9 was published for rcu_cell (Rust) Aug 25, 2021 withdrawn
Double free in insert_many High
CVE-2021-29933 was published for insert_many (Rust) Aug 25, 2021