GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
lexical-core has multiple soundness issues
Low
GHSA-2326-pfpj-vx3h
was published
for
lexical-core
(Rust)
Sep 16, 2024
gix-path uses local config across repos when it is the highest scope
Low
CVE-2024-45305
was published
for
gix-path
(Rust)
Sep 3, 2024
gitoxide-core does not neutralize special characters for terminals
Low
CVE-2024-43785
was published
for
gitoxide
(Rust)
Aug 22, 2024
biscuit-auth vulnerable to public key confusion in third party block
Low
CVE-2024-41949
was published
for
biscuit-auth
(Rust)
Jul 31, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Low
GHSA-66fw-43h8-f8p3
was published
for
xmp_toolkit
(Rust)
Jul 26, 2024
The kstring integration in gix-attributes is unsound
Low
GHSA-cx7h-h87r-jpgr
was published
for
gix-attributes
(Rust)
Jul 25, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Low
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
RISC Zero zkVM notes on zero-knowledge
Low
GHSA-5xgj-pmjj-gw49
was published
for
risc0-zkvm
(Rust)
Jul 15, 2024
Low severity (DoS) vulnerability in sequoia-openpgp
Low
GHSA-9344-p847-qm5c
was published
for
sequoia-openpgp
(Rust)
Jun 26, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
vodozemac has degraded secret zeroization capabilities
Low
CVE-2024-34063
was published
for
vodozemac
(Rust)
May 3, 2024
CosmWasm affected by arithmetic overflows
Low
GHSA-8724-5xmm-w5xq
was published
for
cosmwasm-std
(Rust)
Apr 24, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Low
GHSA-pr39-8257-fxc2
was published
for
ckb
(Rust)
Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability
Low
CVE-2022-39394
was published
for
wasmtime
(Rust)
Feb 1, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Low
GHSA-3mv5-343c-w2qg
was published
for
zerocopy
(Rust)
Dec 15, 2023
s2n-quic potential denial of service via crafted stream frames
Low
GHSA-475v-pq2g-fp9g
was published
for
s2n-quic
(Rust)
Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Low
GHSA-j57r-4qw6-58r3
was published
for
rusty-paseto
(Rust)
Nov 7, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Low
CVE-2023-41880
was published
for
wasmtime
(Rust)
Sep 14, 2023
ProTip!
Advisories are also available from the
GraphQL API