Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,025 advisories

Loading
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Cargo extracting malicious crates can fill the file system Moderate
CVE-2022-36114 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
Duplicate of GHSA-m77f-652q-wwp4 High
GHSA-2gg5-7c4v-6xx2 was published for axum-core (Rust) Sep 15, 2022 withdrawn
NLnet Labs Routinator has Reachable Assertion vulnerability High
CVE-2022-3029 was published for routinator (Rust) Sep 14, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
lz4-sys vulnerable to memory corruption via issue in liblz4 Critical
GHSA-9q5j-jm53-v7vr was published for lz4-sys (Rust) Sep 1, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation Moderate
GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) Aug 30, 2022
mz-avro's incorrect use of `set_len` allows for un-initialized memory Moderate
GHSA-jwh2-vrr9-vcp2 was published for mz-avro (Rust) Aug 30, 2022
opcua Vulnerable to Out-of-bounds Write High
CVE-2022-25903 was published for opcua (Rust) Aug 25, 2022
Uncontrolled Resource Consumption in opcua High
CVE-2022-25888 was published for opcua (Rust) Aug 24, 2022
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for fc-rpc (Rust) Aug 18, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken Moderate
GHSA-hrjv-pf36-jpmr was published for oqs (Rust) Aug 18, 2022
rocksdb vulnerable to out-of-bounds read Moderate
GHSA-xpp3-xrff-w6rh was published for rocksdb (Rust) Aug 12, 2022
`temporary` makes use of uninitialized memory Moderate
GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) Aug 11, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack High
GHSA-qrqq-9c63-xfrg was published for tower-http (Rust) Aug 11, 2022
owning_ref vulnerable to multiple soundness issues Moderate
GHSA-9qxh-258v-666c was published for owning_ref (Rust) Aug 10, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU High
CVE-2022-35724 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash High
CVE-2022-36125 was published for apache-avro (Rust) Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
`libsqlite3-sys` via C SQLite improperly validates array index High
CVE-2022-35737 was published for libsqlite3-sys (Rust) Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM c0mp1eks
nullswan
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan MdotTIM
c0mp1eks
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database