
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,020 advisories

Free of uninitialized memory in telemetry Critical
CVE-2021-29937 was published for telemetry (Rust) Aug 25, 2021
XSS in mdBook High
CVE-2020-26297 was published for mdBook (Rust) Aug 25, 2021
vavkamil
Out of bounds write in calamine Critical
CVE-2021-26951 was published for calamine (Rust) Aug 25, 2021
Relative Path Traversal in git-delta High
CVE-2021-36376 was published for git-delta (Rust) Aug 25, 2021
SMTP command injection in lettre Critical
CVE-2021-38189 was published for lettre (Rust) Jul 12, 2021
paolobarbolini
Uncontrolled Search Path Element in sharkdp/bat High
CVE-2021-36753 was published for bat (Rust) Aug 25, 2021
Cross-site Scripting in ammonia Moderate
CVE-2021-38193 was published for ammonia (Rust) Aug 25, 2021
Update unsound DrainFilter and RString::retain High
CVE-2020-36213 was published for abi_stable (Rust) Aug 25, 2021
Integer Overflow in Chunked Transfer-Encoding Moderate
CVE-2021-32714 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
Data races in generator Moderate
CVE-2020-36471 was published for generator (Rust) Aug 25, 2021
Update unsound DrainFilter and RString::retain High
CVE-2020-36212 was published for abi_stable (Rust) Aug 25, 2021
Data races in max7301 Moderate
CVE-2020-36472 was published for max7301 (Rust) Aug 25, 2021
Incorrect buffer size calculation in iced-x86 Critical
CVE-2021-38188 was published for iced-x86 (Rust) Aug 25, 2021
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
`tokio::io::ReadHalf<T>::unsplit` is Unsound Low
GHSA-4q83-7cq4-p6wg was published for tokio (Rust) Feb 4, 2023
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links Moderate
CVE-2022-39215 was published for tauri (Rust) Sep 16, 2022
martin-ocasek
Leak in Aliyun KeySecret Moderate
CVE-2022-39397 was published for aliyun-oss-client (Rust) Nov 21, 2022
Nervos CKB calculation of program load cycles may be missed when executing in resume mode Low
GHSA-fjj4-2q73-jvgc was published for ckb (Rust) Feb 8, 2023
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message Low
GHSA-p2gm-ffr3-w2xw was published for ckb (Rust) Feb 8, 2023
`DecimalArray` does not perform bound checks on accessing values and offsets High
GHSA-h588-76vg-prgj was published for arrow (Rust) Jun 16, 2022
Path traversal in mozwire Critical
CVE-2020-35883 was published for mozwire (Rust) Aug 25, 2021
`pnet_packet` buffer overrun in `set_payload` setters Moderate
GHSA-cf4g-fcf8-3cr9 was published for pnet_packet (Rust) Feb 9, 2023
Memory handling issues in xcb Moderate
CVE-2020-36205 was published for xcb (Rust) Aug 25, 2021
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest