Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

276 advisories

Loading
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
00xc
impl `FromMdbValue` for bool is unsound Moderate
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) Jul 19, 2023
libostree vulnerable to denial of service attack Moderate
CVE-2022-47085 was published for ostree (Rust) Jul 18, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new` Moderate
GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) Jun 22, 2023
`openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) Jun 21, 2023
memoffset allows reading uninitialized memory Moderate
GHSA-wfg4-322g-9vqv was published for memoffset (Rust) Jun 21, 2023
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles Moderate
CVE-2023-34460 was published for tauri (Rust) Jun 21, 2023
tillmann-crabnebula chip-crabnebula
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023
Ouroboros is Unsound Moderate
GHSA-87mf-9wg6-ppf8 was published for ouroboros (Rust) Jun 12, 2023
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets Moderate
GHSA-5fm9-h728-fwpj was published for trust-dns-server (Rust) Jun 6, 2023
sccache vulnerable to privilege escalation if server is run as root Moderate
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
kevinbackhouse
Stored cross site scripting in Microbin Moderate
CVE-2023-27075 was published for microbin (Rust) May 4, 2023
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites Moderate
CVE-2023-31134 was published for tauri (Rust) May 3, 2023
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending Moderate
CVE-2023-30610 was published for aws-sigv4 (Rust) Apr 26, 2023
Adverserial use of `make_bitflags!` macro can cause undefined behavior Moderate
GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust) Apr 24, 2023
Parsing borsh messages with ZST which are not-copy/clone is unsound Moderate
GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) Apr 17, 2023
h2 vulnerable to denial of service Moderate
CVE-2023-26964 was published for h2 (Rust) Apr 11, 2023
FirelightFlagboy seanmonstar
KisaragiEffective JohnTitor
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area Moderate
GHSA-fq33-vmhv-48xh was published for ntru (Rust) Apr 7, 2023
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers Moderate
GHSA-2qv5-7mw5-j3cg was published for spin (Rust) Apr 3, 2023
Regular Expression Denial of Service in Deno.upgradeWebSocket API Moderate
CVE-2023-26103 was published for deno (Rust) Apr 3, 2023
dellalibera
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
darakian
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
ProTip! Advisories are also available from the GraphQL API