Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,765
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Arrow2 allows double free in `safe` code High
GHSA-5j8w-r7g8-5472 was published for arrow2 (Rust) Jun 16, 2022
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets High
GHSA-qgrp-8f3v-q85p was published for arrow (Rust) Jun 16, 2022
`DecimalArray` does not perform bound checks on accessing values and offsets High
GHSA-h588-76vg-prgj was published for arrow (Rust) Jun 16, 2022
Reading on uninitialized memory may cause UB ( `util::read_spv()` ) High
GHSA-qj69-c89v-jwq2 was published for ash (Rust) Jun 16, 2022
`BinaryArray` does not perform bound checks on reading values and offsets High
GHSA-r7cj-wmwv-hfw5 was published for arrow (Rust) Jun 16, 2022
`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()` High
GHSA-hv9v-7w3v-rj6f was published for acc_reader (Rust) Jun 16, 2022
abomonation transmutes &T to and from &[u8] without sufficient constraints High
GHSA-hfxp-p695-629x was published for abomonation (Rust) Jun 16, 2022
Duplicate Advisory: Integer Overflow in HeaderMap::reserve() can cause Denial of Service High
CVE-2019-25008 was published for http (Rust) Jun 16, 2022 withdrawn
matveybaykalov
Link Following in Deno High
CVE-2021-41641 was published for deno (Rust) Jun 13, 2022
Routinator infinite loop vulnerability High
CVE-2021-43172 was published for routinator (Rust) May 24, 2022
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
another-rex
futures_task::waker may cause a use-after-free if used on a type that isn't 'static High
CVE-2020-35906 was published for futures-task (Rust) May 24, 2022
Dangling reference in `access::Map` with Constant High
CVE-2020-35711 was published for arc-swap (Rust) May 24, 2022
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
Grin Insufficient Validation High
CVE-2020-6638 was published for grin (Rust) May 24, 2022
Cargo prior to Rust 1.26.0 may download the wrong dependency High
CVE-2019-16760 was published for cargo (Rust) May 24, 2022
Integer overflow in solana_rbpf High
CVE-2022-31264 was published for solana_rbpf (Rust) May 22, 2022
librsvg DoS via Cyclic References High
CVE-2015-7558 was published for librsvg (Rust) May 17, 2022
Resource leakage when decoding certificates and keys High
CVE-2022-1473 was published for openssl-src (Rust) May 4, 2022
pinkforest
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb High
GHSA-j35p-q24r-5367 was published for ckb (Rust) Apr 22, 2022
Relative Path Traversal in afire serve_static High
GHSA-3227-r97m-8j95 was published for afire (Rust) Apr 22, 2022
w-henderson
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Data Loss/Denial of Service in SWHKD High
CVE-2022-27816 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
Rust's regex crate vulnerable to regular expression denial of service High
CVE-2022-24713 was published for regex (Rust) Mar 8, 2022
addisoncrump
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database