Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,025 advisories

Loading
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Rust EVM erroneousle handles `record_external_operation` error return Moderate
CVE-2024-21629 was published for evm (Rust) Jan 3, 2024
safe_pqc_kyber leaks parts of secret keys High
GHSA-p4v8-jgcv-9g75 was published for safe_pqc_kyber (Rust) Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access Moderate
CVE-2023-50711 was published for vmm-sys-util (Rust) Jan 2, 2024
bchalios
Remotely exploitable denial of service in Rosenpass Moderate
CVE-2023-53157 was published for rosenpass (Rust) Dec 21, 2023
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms Moderate
GHSA-r24f-hg58-vfrw was published for unsafe-libyaml (Rust) Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
sugar700 levpachmanov
Zerocopy: Some Ref methods are unsound with some type parameters Moderate
GHSA-rjhf-4mh8-9xjq was published for zerocopy (Rust) Dec 18, 2023
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut Low
GHSA-3mv5-343c-w2qg was published for zerocopy (Rust) Dec 15, 2023
Full Table Permissions by Default High
GHSA-x5fr-7hhj-34j3 was published for surrealdb (Rust) Dec 15, 2023
LucyEgan
Unbounded queuing of path validation messages in cloudflare-quiche Moderate
CVE-2023-6193 was published for quiche (Rust) Dec 13, 2023
LPardue marten-seemann
Wasmer filesystem sandbox not enforced High
CVE-2023-51661 was published for wasmer-cli (Rust) Dec 13, 2023
yagehu
Candid infinite decoding loop through specially crafted payload High
CVE-2023-6245 was published for candid (Rust) Dec 8, 2023
venkkatesh-sekar chenyan-dfinity
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr
Environment variables still accessible through /proc Moderate
GHSA-wj7f-468m-6mv8 was published for birdcage (Rust) Dec 1, 2023
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune
`openssl` `X509StoreRef::objects` is unsound Moderate
GHSA-xphf-cx8h-7q9g was published for openssl (Rust) Nov 28, 2023
Insufficient covariance check makes self_cell unsound High
GHSA-48m6-wm5p-rr6h was published for self_cell (Rust) Nov 14, 2023
s2n-quic potential denial of service via crafted stream frames Low
GHSA-475v-pq2g-fp9g was published for s2n-quic (Rust) Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
techport-om rrrodzilla
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database