GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,021 advisories
Data races in tiny_future
High: GHSA-m296-j53x-xv95 was published for tiny_future (Rust), Aug 25, 2021

HTTP Request smuggling in tiny_http
Moderate: CVE-2020-35884 was published for tiny_http (Rust), Aug 25, 2021

Data races in ticketed_lock
High: GHSA-gq4h-f254-7cw9 was published for ticketed_lock (Rust), Aug 25, 2021

Use after free in string-interner
High: CVE-2019-16882 was published for string-interner (Rust), Aug 25, 2021

Excessive memory usage in tokio-rustls
High: CVE-2020-35875 was published for tokio-rustls (Rust), Aug 25, 2021

Observable Timing Discrepancy in totp-rs
Moderate: CVE-2022-29185 was published for totp-rs (Rust), May 24, 2022

Use of Uninitialized Resource in tectonic_xdv
Critical: CVE-2021-45703 was published for tectonic_xdv (Rust), Jan 6, 2022

`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
High: GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust), Jun 17, 2022

Links in archive can create arbitrary directories
High: CVE-2021-38511 was published for tar (Rust), Aug 25, 2021

tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate: GHSA-wwh2-r387-g5rm was published for tower-http (Rust), Jun 17, 2022

`temporary` makes use of uninitialized memory
Moderate: GHSA-2jq9-6xx7-3h29 was published for temporary (Rust), Aug 11, 2022

tower-http's improper validation of Windows paths could lead to directory traversal attack
High: GHSA-qrqq-9c63-xfrg was published for tower-http (Rust), Aug 11, 2022

Uncontrolled recursion in rust-yaml
High: CVE-2018-20993 was published for yaml-rust (Rust), Aug 25, 2021

Uncontrolled recursion in trust-dns-proto
High: CVE-2018-20994 was published for trust-dns-proto (Rust), Aug 25, 2021