Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,026 advisories

Loading
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan MdotTIM
c0mp1eks
WASM3 segmentation fault Moderate
CVE-2022-34529 was published for pywasm3 (pip) Jul 28, 2022
Cranelift vulnerable to miscompilation of constant values in division on AArch64 Moderate
CVE-2022-31169 was published for cranelift-codegen (Rust) Jul 21, 2022
akirilov-arm
Wasmtime vulnerable to Use After Free with `externref`s Moderate
CVE-2022-31146 was published for cranelift-codegen (Rust) Jul 20, 2022
alexcrichton fitzgen
jameysharp
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs High
CVE-2022-31162 was published for slack-morphism (Rust) Jul 20, 2022
tdunlap607
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
openssl-src heap memory corruption with RSA private key operation Critical
CVE-2022-2274 was published for openssl-src (Rust) Jul 2, 2022
sugar700
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs Moderate
CVE-2022-31104 was published for cranelift-codegen (Rust) Jun 29, 2022
alexcrichton MaineK00n
Uncontrolled Recursion in rulex Moderate
CVE-2022-31099 was published for rulex (Rust) Jun 22, 2022
evanrichter
Reachable Assertion in rulex Moderate
CVE-2022-31100 was published for rulex (Rust) Jun 21, 2022
evanrichter
Use After Free in Context::start_auth_session Moderate
GHSA-w3vw-ccc5-qr8v was published for tss-esapi (Rust) Jun 17, 2022
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s High
GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) Jun 17, 2022 withdrawn
sugar700
Delegate functions are missing `Send` bound Critical
GHSA-x4mq-m75f-mx8m was published for windows (Rust) Jun 17, 2022
sugar700
vec-const attempts to construct a Vec from a pointer to a const slice Moderate
GHSA-jmwx-r3gq-qq3p was published for vec-const (Rust) Jun 17, 2022
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state` High
GHSA-3pp4-64mp-9cg9 was published for tremor-script (Rust) Jun 17, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate) High
GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust) Jun 17, 2022
Panic on incorrect date input to `simple_asn1` Moderate
GHSA-3m6f-3gfg-4x56 was published for simple_asn1 (Rust) Jun 17, 2022
saethlin
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
Threshold value is ignored (all shares are n=3) Low
GHSA-978j-88f3-p5j3 was published for shamir (Rust) Jun 17, 2022
Stack overflow in rustc_serialize when parsing deeply nested JSON Moderate
GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) Jun 17, 2022
RustEmbed generated `get` method allows for directory traversal when reading files from disk Moderate
GHSA-cgw6-f3mj-h742 was published for rust-embed (Rust) Jun 17, 2022
Miscomputation when performing AES encryption in rust-crypto Critical
GHSA-jp3w-3q88-34cf was published for rust-crypto (Rust) Jun 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database