GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
282 advisories
Filter by severity
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
GHSA-f8x4-f32r-w556
was published
for
pyo3
(Rust)
Oct 15, 2024
•
withdrawn
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
CVE-2024-9979
was published
for
pyo3
(Rust)
Oct 15, 2024
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
CVE-2024-47763
was published
for
wasmtime
(Rust)
Oct 9, 2024
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Moderate
GHSA-pfr9-2p92-qrhq
was published
for
dbn
(Rust)
Oct 9, 2024
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
CVE-2024-21530
was published
for
cocoon
(Rust)
Oct 2, 2024
Tonic has remotely exploitable denial of service vulnerability
Moderate
CVE-2024-47609
was published
for
tonic
(Rust)
Oct 1, 2024
Ouch! allows a segmentation fault due to use of uninitialized memory
Moderate
GHSA-2wq5-g96f-mv3v
was published
for
ouch
(Rust)
Sep 23, 2024
gix-path improperly resolves configuration path reported by Git
Moderate
CVE-2024-45405
was published
for
gix-path
(Rust)
Sep 6, 2024
Integer overflow in the bundled Brotli C library
Moderate
CVE-2020-8927
was published
for
Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm
(NuGet)
May 24, 2022
DOM clobbering could escalate to Cross-site Scripting (XSS)
Moderate
CVE-2024-45389
was published
for
@pagefind/default-ui
(npm)
Sep 3, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Moderate
CVE-2024-43806
was published
for
rustix
(Rust)
Oct 18, 2023
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
Moderate
GHSA-xmrp-424f-vfpx
was published
for
sqlx
(Rust)
Aug 19, 2024
Stack overflow when parsing specially crafted JSON ABI strings
Moderate
GHSA-8327-84cj-8xjm
was published
for
alloy-json-abi
(Rust)
Aug 15, 2024
s2n-tls's mTLS API ordering may skip client authentication
Moderate
GHSA-857q-xmph-p2v5
was published
for
s2n-tls
(Rust)
Aug 9, 2024
Gas mispricing in cosmwasm-vm
Moderate
GHSA-rg2q-2jh9-447q
was published
for
cosmwasm-vm
(Go)
Aug 8, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
zerovec-derive incorrectly uses `#[repr(packed)]`
Moderate
GHSA-74r5-g7vc-j2v2
was published
for
zerovec-derive
(Rust)
Jul 8, 2024
gix-path can use a fake program files location
Moderate
CVE-2024-40644
was published
for
gix-path
(Rust)
Jul 18, 2024
zerovec incorrectly uses `#[repr(packed)]`
Moderate
GHSA-xrv3-jmcp-374j
was published
for
zerovec
(Rust)
Jul 8, 2024
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Moderate
CVE-2024-41178
was published
for
object_store
(Rust)
Jul 23, 2024
openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Moderate
GHSA-q445-7m23-qrmw
was published
for
openssl
(Rust)
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API