GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,021 advisories

lol-html panics on certain HTML inputs High
CVE-2023-4241 was published for lol-html (Rust) Aug 9, 2023
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
00xc
Cargo not respecting umask when extracting crate archives High
CVE-2023-38497 was published for cargo (Rust) Aug 3, 2023
addisoncrump pietroalbini
weihanglo ehuss cuviper Manishearth
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
Unsoundness in `intern` methods on `intaglio` symbol interners Low
GHSA-gch5-hwqf-mxhp was published for intaglio (Rust) Jul 27, 2023
Potential denial of service after connection migration Low
GHSA-rfhg-rjfp-9q8q was published for s2n-quic (Rust) Jul 24, 2023
impl `FromMdbValue` for bool is unsound Moderate
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) Jul 19, 2023
libostree vulnerable to denial of service attack Moderate
CVE-2022-47085 was published for ostree (Rust) Jul 18, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all Low
GHSA-f2wx-xjfw-xjv6 was published for topgrade (Rust) Jul 17, 2023
signed-log
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
atty potential unaligned read Low
GHSA-g98v-hv3f-hcfr was published for atty (Rust) Jun 30, 2023
SamirTalwar typecasto
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new` Moderate
GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) Jun 22, 2023
`openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
CVE-2023-53159 was published for openssl (Rust) Jun 21, 2023
memoffset allows reading uninitialized memory Moderate
GHSA-wfg4-322g-9vqv was published for memoffset (Rust) Jun 21, 2023
Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service High
CVE-2023-33289 was published for urlnorm (Rust) Jun 21, 2023 withdrawn
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles Moderate
CVE-2023-34460 was published for tauri (Rust) Jun 21, 2023
tillmann-crabnebula chip-crabnebula
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023
Ouroboros is Unsound Moderate
GHSA-87mf-9wg6-ppf8 was published for ouroboros (Rust) Jun 12, 2023
git-url-parse crate vulnerable to Regular Expression Denial of Service Low
CVE-2023-33290 was published for git-url-parse (Rust) Jun 12, 2023
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets Moderate
GHSA-5fm9-h728-fwpj was published for trust-dns-server (Rust) Jun 6, 2023
buffered-reader vulnerable to out-of-bounds array access leading to panic Low
CVE-2023-53161 was published for buffered-reader (Rust) Jun 6, 2023
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
CVE-2023-53160 was published for sequoia-openpgp (Rust) Jun 6, 2023
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
redsun82 kevinbackhouse