Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,791
Erlang
36
GitHub Actions
29
Go
2,373
Maven
5,000+
npm
3,998
NuGet
720
pip
3,801
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+

358 advisories

Loading
Incorrect MAC key used in the RC4-MD5 ciphersuite Moderate
CVE-2022-1434 was published for openssl-src (Rust) May 4, 2022
pinkforest
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2 Moderate
GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust) Feb 14, 2023
Ascii (crate) allows out-of-bounds array indexing in safe code Moderate
GHSA-mrrw-grhq-86gf was published for ascii (Rust) Feb 28, 2023
partial_sort contains Out-of-bounds Read in release mode Moderate
GHSA-5x36-7567-3cw6 was published for partial_sort (Rust) Feb 28, 2023
Maligned causes incorrect deallocation Moderate
GHSA-wm8x-php5-hvq6 was published for maligned (Rust) Mar 7, 2023
`out_reference::Out::from_raw` should be `unsafe` Moderate
GHSA-p7mj-xvxg-grff was published for out-reference (Rust) Mar 13, 2023
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver Moderate
CVE-2021-20332 was published for mongodb (Rust) May 24, 2022
alex-semenyuk richardfan0606
Cross site scripting in comrak Moderate
CVE-2021-27671 was published for comrak (Rust) Aug 25, 2021
tdunlap607
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8 Moderate
GHSA-255r-3prx-mf99 was published for rmp-serde (Rust) Mar 22, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
async-nats vulnerable to TLS certificate common name validation bypass Moderate
GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust) Mar 24, 2023
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
philipturnbull
Cross-site Scripting in comrak Moderate
CVE-2021-38186 was published for comrak (Rust) Aug 25, 2021
tdunlap607
Memory Safety Issue when using patch or merge on state and assign the result back to state Moderate
CVE-2021-39228 was published for tremor-script (Rust) Sep 20, 2021
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust) Dec 5, 2022
tdunlap607
Regular Expression Denial of Service in Deno.upgradeWebSocket API Moderate
CVE-2023-26103 was published for deno (Rust) Apr 3, 2023
dellalibera
Integer Overflow in openssl-src Moderate
CVE-2021-23841 was published for openssl-src (Rust) Aug 25, 2021
another-rex
matrix-sdk-crypto contains potential impersonation via room key forward responses Moderate
CVE-2022-39252 was published for matrix-sdk-crypto (Rust) Sep 30, 2022
michaelkedar
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers Moderate
GHSA-2qv5-7mw5-j3cg was published for spin (Rust) Apr 3, 2023
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area Moderate
GHSA-fq33-vmhv-48xh was published for ntru (Rust) Apr 7, 2023
Space bug in `clean_text` Moderate
GHSA-p2g9-94wh-65c2 was published for ammonia (Rust) Jun 16, 2022
tdunlap607
Adverserial use of `make_bitflags!` macro can cause undefined behavior Moderate
GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust) Apr 24, 2023
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database