GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

292 advisories

tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr
Environment variables still accessible through /proc Moderate
GHSA-wj7f-468m-6mv8 was published for birdcage (Rust) Dec 1, 2023
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune
`openssl` `X509StoreRef::objects` is unsound Moderate
GHSA-xphf-cx8h-7q9g was published for openssl (Rust) Nov 28, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse Moderate
GHSA-6878-6wc2-pf5h was published for cocoon (Rust) Oct 24, 2023
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion Moderate
CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023
cyqsimon sigmaSd
popey
gix-transport code execution vulnerability Moderate
GHSA-rrjw-j4m2-mf34 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
Inventory exposes reference to non-Sync data to an arbitrary thread Moderate
GHSA-36xm-35qq-795w was published for inventory (Rust) Sep 11, 2023
Users vulnerable to unaligned read of `*const *const c_char` pointer Moderate
GHSA-jcr6-4frq-9gjj was published for users (Rust) Sep 11, 2023
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime Moderate
GHSA-ghc8-5cgm-5rpf was published for inventory (Rust) Sep 11, 2023
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service Moderate
CVE-2023-41317 was published for apollo-router (Rust) Sep 7, 2023
nmoutschen abernix
o0Ignition0o BrynCooke peakematt jasonbarnett667 Geal
mail-internals use-after-free vulnerability in `vec_insert_bytes` Moderate
GHSA-rcx8-48pc-v9q8 was published for mail-internals (Rust) Aug 24, 2023
`ed25519-dalek` Double Public Key Signing Function Oracle Attack Moderate
GHSA-w5vr-6qhr-36cc was published for ed25519-dalek (Rust) Aug 14, 2023
odoh-rs's Invalid Slice Split Results in Server Panic Moderate
CVE-2023-3766 was published for odoh-rs (Rust) Aug 3, 2023
00xc
impl `FromMdbValue` for bool is unsound Moderate
GHSA-f9g6-fp84-fv92 was published for lmdb-rs (Rust) Jul 19, 2023
libostree vulnerable to denial of service attack Moderate
CVE-2022-47085 was published for ostree (Rust) Jul 18, 2023
s2n-quic potential denial of service vulnerability when receiving empty UDP packets Moderate
GHSA-hxq4-mx37-fqvg was published for s2n-quic (Rust) Jun 30, 2023
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new` Moderate
GHSA-g753-ghr7-q33w was published for cyfs-base (Rust) Jun 22, 2023
`openssl` `X509VerifyParamRef::set_host` buffer over-read Moderate
GHSA-xcf7-rvmh-g6q4 was published for openssl (Rust) Jun 21, 2023
memoffset allows reading uninitialized memory Moderate
GHSA-wfg4-322g-9vqv was published for memoffset (Rust) Jun 21, 2023
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles Moderate
CVE-2023-34460 was published for tauri (Rust) Jun 21, 2023
tillmann-crabnebula chip-crabnebula
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall` Moderate
CVE-2023-34449 was published for ink (Rust) Jun 14, 2023