GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
293 advisories
Leak in Aliyun KeySecret
Moderate. CVE-2022-39397 was published for aliyun-oss-client (Rust), Nov 21, 2022.
`pnet_packet` buffer overrun in `set_payload` setters
Moderate. GHSA-cf4g-fcf8-3cr9 was published for pnet_packet (Rust), Feb 9, 2023.
`OCSP_basic_verify` may incorrectly verify the response signing certificate
Moderate. CVE-2022-1343 was published for openssl-src (Rust), May 4, 2022.
Incorrect MAC key used in the RC4-MD5 ciphersuite
Moderate. CVE-2022-1434 was published for openssl-src (Rust), May 4, 2022.
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Moderate. GHSA-xw5j-gv2g-mjm2 was published for cortex-m-rt (Rust), Feb 14, 2023.
Ascii (crate) allows out-of-bounds array indexing in safe code
Moderate. GHSA-mrrw-grhq-86gf was published for ascii (Rust), Feb 28, 2023.
partial_sort contains Out-of-bounds Read in release mode
Moderate. GHSA-5x36-7567-3cw6 was published for partial_sort (Rust), Feb 28, 2023.
Maligned causes incorrect deallocation
Moderate. GHSA-wm8x-php5-hvq6 was published for maligned (Rust), Mar 7, 2023.
`out_reference::Out::from_raw` should be `unsafe`
Moderate. GHSA-p7mj-xvxg-grff was published for out-reference (Rust), Mar 13, 2023.
Wasmtime out of bounds read/write with zero-memory-pages configuration
Moderate. CVE-2022-39392 was published for wasmtime (Rust), Nov 10, 2022.
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver
Moderate. CVE-2021-20332 was published for mongodb (Rust), May 24, 2022.
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
Moderate. GHSA-255r-3prx-mf99 was published for rmp-serde (Rust), Mar 22, 2023.
russh may use insecure Diffie-Hellman keys
Moderate. CVE-2023-28113 was published for russh (Rust), Mar 17, 2023.
async-nats vulnerable to TLS certificate common name validation bypass
Moderate. GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust), Mar 24, 2023.
`openssl` `X509NameBuilder::build` returned object is not thread safe
Moderate. GHSA-3gxf-9r58-2ghg was published for openssl (Rust), Mar 24, 2023.
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Moderate. CVE-2023-28448 was published for versionize (Rust), Mar 24, 2023.
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Moderate. GHSA-xxmq-4vph-956w was published for comrak (Rust), Mar 28, 2023.
Memory Safety Issue when using patch or merge on state and assign the result back to state
Moderate. CVE-2021-39228 was published for tremor-script (Rust), Sep 20, 2021.
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate. GHSA-7p7c-pvvx-2vx3 was published for hyper-staticfile (Rust), Dec 5, 2022.
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Moderate. CVE-2023-26103 was published for deno (Rust), Apr 3, 2023.
Integer Overflow in openssl-src
Moderate. CVE-2021-23841 was published for openssl-src (Rust), Aug 25, 2021.
matrix-sdk-crypto contains potential impersonation via room key forward responses
Moderate. CVE-2022-39252 was published for matrix-sdk-crypto (Rust), Sep 30, 2022.
ProTip! Advisories are also available from the GraphQL API.