GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
343 advisories
Filter by severity
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
High
GHSA-c439-chv8-8g2j
was published
for
os_socketaddr
(Rust)
Sep 2, 2022
opcua Vulnerable to Out-of-bounds Write
High
CVE-2022-25903
was published
for
opcua
(Rust)
Aug 25, 2022
Uncontrolled Resource Consumption in opcua
High
CVE-2022-25888
was published
for
opcua
(Rust)
Aug 24, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
High
GHSA-h864-m8vm-3xvj
was published
for
oqs
(Rust)
Aug 18, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack
High
GHSA-qrqq-9c63-xfrg
was published
for
tower-http
(Rust)
Aug 11, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
High
CVE-2022-35724
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash
High
CVE-2022-36125
was published
for
apache-avro
(Rust)
Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
`libsqlite3-sys` via C SQLite improperly validates array index
High
CVE-2022-35737
was published
for
libsqlite3-sys
(Rust)
Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
High
GHSA-3pp4-64mp-9cg9
was published
for
tremor-script
(Rust)
Jun 17, 2022
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
High
GHSA-6692-8qqf-79jc
was published
for
tectonic_xdv
(Rust)
Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
Incorrect Lifetime Bounds on Closures in `rusqlite`
High
GHSA-q89g-4vhh-mvvm
was published
for
rusqlite
(Rust)
Jun 17, 2022
A malicious coder can get unsound access to TCell or TLCell memory
High
GHSA-9c9f-7x9p-4wqp
was published
for
qcell
(Rust)
Jun 17, 2022
Window can read out of bounds if Read instance returns more bytes than buffer size
High
GHSA-q579-9wp9-gfp2
was published
for
rdiff
(Rust)
Jun 17, 2022
Out-of-bounds write in nix::unistd::getgrouplist
High
GHSA-wgrg-5h56-jg27
was published
for
nix
(Rust)
Jun 17, 2022
Use after free in Neon external buffers
High
GHSA-8mj7-wxmc-f424
was published
for
neon
(Rust)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API