GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

Mutable reference with immutable provenance in image Moderate
CVE-2020-35916 was published for image (Rust) Aug 25, 2021
tdunlap607
Data races in lock_api Moderate
CVE-2020-35914 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35913 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35911 was published for lock_api (Rust) Aug 25, 2021
Aliased mutable references from `tls_rand` & `TlsWyRand` Moderate
GHSA-p6gj-gpc8-f8xw was published for nanorand (Rust) Jun 17, 2022
miow invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35921 was published for miow (Rust) Aug 25, 2021
LunaBorowska
mio invalidly assumes the memory layout of std::net::SocketAddr Moderate
CVE-2020-35922 was published for mio (Rust) Aug 25, 2021
tdunlap607
Data races in magnetic Moderate
CVE-2020-35925 was published for magnetic (Rust) Aug 25, 2021
ordered_float:NotNan may contain NaN after panic in assignment operators Moderate
CVE-2020-35923 was published for ordered-float (Rust) Aug 25, 2021
saethlin tdunlap607
Improper random number generation in nanorand Moderate
CVE-2020-35926 was published for nanorand (Rust) Aug 25, 2021
Data races in multiqueue2 Moderate
CVE-2020-36214 was published for multiqueue2 (Rust) Aug 25, 2021
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Optional `Deserialize` implementations lacking validation Moderate
GHSA-jf5h-cf95-w759 was published for raw-cpuid (Rust) Jun 17, 2022
Data races in reffers Moderate
CVE-2020-36203 was published for reffers (Rust) Aug 25, 2021
Error on unsupported architectures in raw-cpuid Moderate
CVE-2021-26307 was published for raw-cpuid (Rust) Aug 25, 2021
tdunlap607
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Panic on incorrect date input to `simple_asn1` Moderate
GHSA-3m6f-3gfg-4x56 was published for simple_asn1 (Rust) Jun 17, 2022
saethlin
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code Moderate
GHSA-969w-q74q-9j8v was published for secp256k1 (Rust) Dec 8, 2022
Unchecked vector pre-allocation Moderate
GHSA-mcrf-7hf9-f6q5 was published for rmpv (Rust) Aug 25, 2021
scalarmult() vulnerable to degenerate public keys Moderate
CVE-2017-1000168 was published for sodiumoxide (Rust) Aug 25, 2021
Uncontrolled recursion leads to abort in deserialization Moderate
GHSA-39vw-qp34-rmwf was published for serde_yaml (Rust) Aug 25, 2021
HTTP Request smuggling in tiny_http Moderate
CVE-2020-35884 was published for tiny_http (Rust) Aug 25, 2021
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
tower-http's improper validation of Windows paths could lead to directory traversal attack Moderate
GHSA-wwh2-r387-g5rm was published for tower-http (Rust) Jun 17, 2022
`temporary` makes use of uninitialized memory Moderate
GHSA-2jq9-6xx7-3h29 was published for temporary (Rust) Aug 11, 2022