Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,044
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen alexcrichton
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
biscuit-auth vulnerable to public key confusion in third party block Low
CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
RISC Zero zkVM notes on zero-knowledge Low
GHSA-5xgj-pmjj-gw49 was published for risc0-zkvm (Rust) Jul 15, 2024
Low severity (DoS) vulnerability in sequoia-openpgp Low
CVE-2024-58261 was published for sequoia-openpgp (Rust) Jun 26, 2024
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
CosmWasm affected by arithmetic overflows Low
CVE-2024-58263 was published for cosmwasm-std (Rust) Apr 24, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP Low
GHSA-pr39-8257-fxc2 was published for ckb (Rust) Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability Low
CVE-2022-39394 was published for wasmtime (Rust) Feb 1, 2024
kpreisser
Unauthenticated Nonce Increment in snow Low
CVE-2024-58265 was published for snow (Rust) Jan 24, 2024
Multiple issues involving quote API in shlex Low
CVE-2024-58266 was published for shlex (Rust) Jan 22, 2024
ferris-says has undefined behavior when not using UTF-8 Low
GHSA-v363-rrf2-5fmj was published for ferris-says (Rust) Jan 17, 2024
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut Low
GHSA-3mv5-343c-w2qg was published for zerocopy (Rust) Dec 15, 2023
s2n-quic potential denial of service via crafted stream frames Low
GHSA-475v-pq2g-fp9g was published for s2n-quic (Rust) Nov 8, 2023
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency Low
GHSA-j57r-4qw6-58r3 was published for rusty-paseto (Rust) Nov 7, 2023
techport-om rrrodzilla
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database