Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
Use-after-free when setting the locale Moderate
GHSA-c8v3-jhv9-4ppc was published for rust-i18n-support (Rust) Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone Moderate
GHSA-w59h-378f-2frm was published for threadalone (Rust) Jan 23, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Moderate
GHSA-8r5v-vm4m-4g25 was published for h2 (Rust) Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
Uncaught Exception in surrealdb Moderate
GHSA-jm4v-58r5-66hj was published for surrealdb (Rust) Jan 18, 2024
Tu0Laj1 jabis
use-after-free in tracing Moderate
GHSA-8f24-6m29-wm2r was published for tracing (Rust) Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders Moderate
CVE-2024-22192 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Rust EVM erroneousle handles `record_external_operation` error return Moderate
CVE-2024-21629 was published for evm (Rust) Jan 3, 2024
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access Moderate
CVE-2023-50711 was published for vmm-sys-util (Rust) Jan 2, 2024
bchalios
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms Moderate
GHSA-r24f-hg58-vfrw was published for unsafe-libyaml (Rust) Dec 21, 2023
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin Moderate
CVE-2023-48795 was published for golang.org/x/crypto (Go) Dec 18, 2023
TrueSkrillor lambdafu
KamilaBorowska levpachmanov
Zerocopy: Some Ref methods are unsound with some type parameters Moderate
GHSA-rjhf-4mh8-9xjq was published for zerocopy (Rust) Dec 18, 2023
Unbounded queuing of path validation messages in cloudflare-quiche Moderate
CVE-2023-6193 was published for quiche (Rust) Dec 13, 2023
LPardue marten-seemann
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
tokio-boring vulnerable to resource exhaustion via memory leak Moderate
CVE-2023-6180 was published for tokio-boring (Rust) Dec 5, 2023
ehaydenr
Environment variables still accessible through /proc Moderate
GHSA-wj7f-468m-6mv8 was published for birdcage (Rust) Dec 1, 2023
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune
`openssl` `X509StoreRef::objects` is unsound Moderate
GHSA-xphf-cx8h-7q9g was published for openssl (Rust) Nov 28, 2023
stellar-strkey vulnerable to panic in SignedPayload::from_payload Moderate
CVE-2023-46135 was published for stellar-strkey (Rust) Oct 25, 2023
yeggor
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse Moderate
GHSA-6878-6wc2-pf5h was published for cocoon (Rust) Oct 24, 2023
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion Moderate
CVE-2024-43806 was published for rustix (Rust) Oct 18, 2023
cyqsimon sigmaSd
popey
gix-transport code execution vulnerability Moderate
GHSA-rrjw-j4m2-mf34 was published for gix-transport (Rust) Sep 25, 2023
EliahKagan
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database