GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
868 advisories
Filter by severity
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Moderate
GHSA-4fg7-vxc8-qx5w
was published
for
age
(Rust)
Dec 18, 2024
`Slip10Like` derivation method instantiated with certain curves may allow attacker to find derivation path which results into very long derivation (possible DoS)
Moderate
GHSA-2ff4-xfpr-m32r
was published
for
hd-wallet
(Rust)
Dec 18, 2024
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
Low
GHSA-27vq-hv74-7cqp
was published
for
surrealdb
(Rust)
Dec 16, 2024
PQClean has a correctness error in HQC decapsulation
High
GHSA-753p-wrj5-g8fj
was published
for
pqcrypto-hqc
(Rust)
Dec 11, 2024
CosmWasm VM Incorrect metering
Moderate
GHSA-2q97-m5rc-p3gp
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Panic in wasmvm can slow down block production
Moderate
GHSA-vmqh-5232-v43r
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Moderate
CVE-2024-12224
was published
for
idna
(Rust)
Dec 9, 2024
Build corruption when using `PYO3_CONFIG_FILE` environment variable
Moderate
GHSA-vxcf-c7mx-pg53
was published
for
pyo3
(Rust)
Dec 5, 2024
Unsound usages of `std::slice::from_raw_parts`
Low
GHSA-gw5w-5j7f-jmjj
was published
for
pprof
(Rust)
Dec 5, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-fwfx-rrv8-crpf
was published
for
rustyscript
(Rust)
Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread
Moderate
GHSA-4mw5-2636-4535
was published
for
js-sandbox
(Rust)
Dec 4, 2024
Borsh serialization of HashMap is non-canonical
High
GHSA-wwq9-3cpr-mm53
was published
for
hashbrown
(Rust)
Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type
Low
GHSA-f95p-4cv5-8w8x
was published
for
linkme
(Rust)
Dec 4, 2024
`ruzstd` uninit and out-of-bounds memory reads
Moderate
GHSA-x3f4-45xf-rjm7
was published
for
ruzstd
(Rust)
Dec 2, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting
Low
CVE-2024-32468
was published
for
deno_doc
(Rust)
Nov 25, 2024
rustls network-reachable panic in `Acceptor::accept`
Moderate
GHSA-qg5g-gv98-5ffh
was published
for
rustls
(Rust)
Nov 25, 2024
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Moderate
GHSA-m52v-24p8-654f
was published
for
surrealdb
(Rust)
Nov 22, 2024
SurrealDB has an Uncaught Exception Handling Nonexistent Role
Moderate
GHSA-jc55-246c-r88f
was published
for
surrealdb
(Rust)
Nov 22, 2024
SurrealDB has an Uncaught Exception in Function Generating Random Time
Moderate
GHSA-h4f5-h82v-5w4r
was published
for
surrealdb
(Rust)
Nov 22, 2024
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Moderate
GHSA-jp37-5qhw-mffw
was published
for
sharks
(Rust)
Nov 18, 2024
zlib-rs stack overflow during decompression with malicious input
Moderate
GHSA-j3px-q95c-9683
was published
for
libz-rs-sys
(Rust)
Nov 14, 2024
s2n-tls has undefined behavior at process exit
Low
GHSA-rp9h-rf7g-hwgr
was published
for
s2n-tls
(Rust)
Nov 14, 2024
ProTip!
Advisories are also available from the
GraphQL API