Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

343 advisories

Loading
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr High
GHSA-c439-chv8-8g2j was published for os_socketaddr (Rust) Sep 2, 2022
opcua Vulnerable to Out-of-bounds Write High
CVE-2022-25903 was published for opcua (Rust) Aug 25, 2022
Uncontrolled Resource Consumption in opcua High
CVE-2022-25888 was published for opcua (Rust) Aug 24, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken High
GHSA-h864-m8vm-3xvj was published for oqs (Rust) Aug 18, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack High
GHSA-qrqq-9c63-xfrg was published for tower-http (Rust) Aug 11, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU High
CVE-2022-35724 was published for apache-avro (Rust) Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash High
CVE-2022-36125 was published for apache-avro (Rust) Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
`libsqlite3-sys` via C SQLite improperly validates array index High
CVE-2022-35737 was published for libsqlite3-sys (Rust) Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow High
CVE-2022-31173 was published for juniper (Rust) Jul 29, 2022
MdotTIM karimhreda
nullswan
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow High
GHSA-xq3c-8gqm-v648 was published for async-graphql (Rust) Jul 29, 2022
nullswan MdotTIM
karimhreda
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs High
CVE-2022-31162 was published for slack-morphism (Rust) Jul 20, 2022
tdunlap607
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s High
GHSA-r45x-ghr2-qjxc was published for zeroize_derive (Rust) Jun 17, 2022 withdrawn
KamilaBorowska
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state` High
GHSA-3pp4-64mp-9cg9 was published for tremor-script (Rust) Jun 17, 2022
Data race in `Iter` and `IterMut` High
GHSA-9hpw-r23r-xgm5 was published for thread_local (Rust) Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate) High
GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust) Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend High
GHSA-xpww-g9jx-hp8r was published for sha2 (Rust) Jun 17, 2022
Incorrect Lifetime Bounds on Closures in `rusqlite` High
GHSA-q89g-4vhh-mvvm was published for rusqlite (Rust) Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory High
GHSA-9c9f-7x9p-4wqp was published for qcell (Rust) Jun 17, 2022
Window can read out of bounds if Read instance returns more bytes than buffer size High
GHSA-q579-9wp9-gfp2 was published for rdiff (Rust) Jun 17, 2022
Out-of-bounds write in nix::unistd::getgrouplist High
GHSA-wgrg-5h56-jg27 was published for nix (Rust) Jun 17, 2022
Use after free in Neon external buffers High
GHSA-8mj7-wxmc-f424 was published for neon (Rust) Jun 17, 2022
`mopa` is technically unsound High
GHSA-8mv5-7x95-7wcf was published for mopa (Rust) Jun 17, 2022
ProTip! Advisories are also available from the GraphQL API