Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Loading
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
WITHDRAWN Moderate
GHSA-8q5c-93vg-c747 was published for toolshed (Rust) Aug 25, 2021 withdrawn
Data races in model Moderate
GHSA-8q64-wrfr-q48c was published for model (Rust) Aug 25, 2021 withdrawn
Data races in unicycle Moderate
GHSA-7mg7-m5c3-3hqj was published for unicycle (Rust) Aug 25, 2021 withdrawn
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T> Moderate
GHSA-jh2g-xhqq-x4w9 was published for rcu_cell (Rust) Aug 25, 2021 withdrawn
Singleton lacks bounds on Send and Sync. Moderate
GHSA-vj88-5667-w56p was published for ruspiro-singleton (Rust) Aug 25, 2021 withdrawn
MvccRwLock allows data races & aliasing violations Moderate
GHSA-mgg8-9pvp-6qcw was published for noise_search (Rust) Aug 25, 2021 withdrawn
Data races in generator Moderate
GHSA-h6gg-fvf5-qgwf was published for generator (Rust) Aug 25, 2021 withdrawn
Queue<T> should have a Send bound on its Send/Sync traits Moderate
GHSA-v42f-j8fx-99f3 was published for scottqueue (Rust) Aug 25, 2021 withdrawn
Data races in concread Moderate
CVE-2020-35928 was published for concread (Rust) Aug 25, 2021
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
cookie-signature Timing Attack Moderate
CVE-2016-1000236 was published for cookie-signature (npm) Jan 6, 2020
Data race in disrustor Moderate
CVE-2020-36470 was published for disrustor (Rust) Aug 25, 2021
J3rry-1729
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security Moderate
CVE-2011-2731 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch Moderate
CVE-2019-7614 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts Moderate
CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Dec 30, 2022
undertow Race Condition vulnerability Moderate
CVE-2021-3597 was published for io.undertow:undertow-core (Maven) May 25, 2022
Data races in noise_search Moderate
CVE-2020-36461 was published for noise_search (Rust) Aug 25, 2021
Data races in appendix Moderate
CVE-2020-36469 was published for appendix (Rust) Aug 25, 2021
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages. Moderate
CVE-2020-35216 was published for io.atomix:atomix (Maven) Dec 17, 2021
HashiCorp Nomad Artifact Download Race Condition Moderate
CVE-2022-24686 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
westonsteimel
Observable Discrepancy in libsecp256k1-rs Moderate
CVE-2019-20399 was published for libsecp256k1-rs (Rust) Aug 25, 2021
Data races in max7301 Moderate
CVE-2020-36472 was published for max7301 (Rust) Aug 25, 2021
Data races in generator Moderate
CVE-2020-36471 was published for generator (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database