GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,614
NuGet
638
pip
3,225
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
817 advisories
Filter by severity
Nervos CKB Unaligned Pointer Dereference
Moderate
GHSA-q669-2vfg-cxcg
was published
for
ckb
(Rust)
Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability
Low
CVE-2022-39394
was published
for
wasmtime
(Rust)
Feb 1, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649
was published
for
lemmy_server
(Rust)
Jan 24, 2024
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
Use-after-free when setting the locale
Moderate
GHSA-c8v3-jhv9-4ppc
was published
for
rust-i18n-support
(Rust)
Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone
Moderate
GHSA-w59h-378f-2frm
was published
for
threadalone
(Rust)
Jan 23, 2024
Multiple issues involving quote API in shlex
High
GHSA-r7qv-8r2h-pg27
was published
for
shlex
(Rust)
Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Moderate
GHSA-8r5v-vm4m-4g25
was published
for
h2
(Rust)
Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception in surrealdb
Moderate
GHSA-jm4v-58r5-66hj
was published
for
surrealdb
(Rust)
Jan 18, 2024
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Rust EVM erroneousle handles `record_external_operation` error return
Moderate
CVE-2024-21629
was published
for
evm
(Rust)
Jan 3, 2024
safe_pqc_kyber leaks parts of secret keys
High
GHSA-p4v8-jgcv-9g75
was published
for
safe_pqc_kyber
(Rust)
Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Moderate
CVE-2023-50711
was published
for
vmm-sys-util
(Rust)
Jan 2, 2024
Remotely exploitable denial of service in Rosenpass
High
GHSA-6ggr-cwv4-g7qg
was published
for
rosenpass
(Rust)
Dec 21, 2023
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Moderate
GHSA-r24f-hg58-vfrw
was published
for
unsafe-libyaml
(Rust)
Dec 21, 2023
ProTip!
Advisories are also available from the
GraphQL API