GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
907 advisories
Array size is not checked in sized-chunks
High | CVE-2020-25793 was published for sized-chunks (Rust) | Aug 25, 2021

Multiple memory safety issues in actix-web
Moderate | GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) | Aug 25, 2021

Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
High | GHSA-j35p-q24r-5367 was published for ckb (Rust) | Apr 22, 2022

Relative Path Traversal in afire serve_static
High | GHSA-3227-r97m-8j95 was published for afire (Rust) | Apr 22, 2022

traitobject is Unmaintained
Critical | GHSA-pp8r-vv2j-9j5v was published for traitobject (Rust) | Sep 16, 2022

wee_alloc is Unmaintained
Critical | GHSA-rc23-xxgq-x27g was published for wee_alloc (Rust) | Sep 16, 2022

`cell-project` used incorrect variance when projecting through `&Cell<T>`
Moderate | GHSA-p75v-367r-2v23 was published for cell-project (Rust) | Sep 16, 2022

mozjpeg DecompressScanlines::read_scanlines is Unsound
High | GHSA-v8gq-5grq-9728 was published for mozjpeg (Rust) | Sep 16, 2022

`MsQueue` `push`/`pop` use the wrong orderings
Moderate | GHSA-rwf4-gx62-rqfw was published for crossbeam (Rust) | Jun 8, 2022

Library exclusively intended to obfuscate code.
Moderate | GHSA-gfg9-x6px-r7gr was published for plutonium (Rust) | Jun 16, 2022

`array!` macro is unsound when its length is impure constant
Moderate | GHSA-7v4j-8wvr-v55r was published for array-macro (Rust) | Jun 16, 2022

`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
High | GHSA-qgrp-8f3v-q85p was published for arrow (Rust) | Jun 16, 2022

`BinaryArray` does not perform bound checks on reading values and offsets
High | GHSA-r7cj-wmwv-hfw5 was published for arrow (Rust) | Jun 16, 2022

Threshold value is ignored (all shares are n=3)
Low | GHSA-978j-88f3-p5j3 was published for shamir (Rust) | Jun 17, 2022

Delegate functions are missing `Send` bound
Critical | GHSA-x4mq-m75f-mx8m was published for windows (Rust) | Jun 17, 2022

Arrow2 allows double free in `safe` code
High | GHSA-5j8w-r7g8-5472 was published for arrow2 (Rust) | Jun 16, 2022

Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate | GHSA-2226-4v3c-cff8 was published for rustc-serialize (Rust) | Jun 17, 2022

A malicious coder can get unsound access to TCell or TLCell memory
High | GHSA-9c9f-7x9p-4wqp was published for qcell (Rust) | Jun 17, 2022

Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High | GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) | Jun 17, 2022 • withdrawn

AtomicBucket<T> unconditionally implements Send/Sync
Moderate | GHSA-3hxh-7jxm-59x4 was published for metrics-util (Rust) | Jun 17, 2022

Reading on uninitialized memory may cause UB (`util::read_spv()`)
High | GHSA-qj69-c89v-jwq2 was published for ash (Rust) | Jun 16, 2022

Parser creates invalid uninitialized value
High | GHSA-f67m-9j94-qv9j was published for hyper (Rust) | Jun 16, 2022

`SegQueue` creates zero value of any type
Moderate | GHSA-6888-wf7j-34jq was published for crossbeam-queue (Rust) | Jun 16, 2022

Channel creates zero value of any type
High | GHSA-9g55-pg62-m8hh was published for crossbeam-channel (Rust) | Jun 16, 2022