Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

60 advisories

Loading
deno_doc's HTML generator vulnerable to Cross-site Scripting Low
CVE-2024-32468 was published for deno_doc (Rust) Nov 25, 2024
NeKzor
s2n-tls has undefined behavior at process exit Low
GHSA-rp9h-rf7g-hwgr was published for s2n-tls (Rust) Nov 14, 2024
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
`fast-float` has multiple soundness issues Low
GHSA-x8jh-xj3x-gx3c was published for fast-float (Rust) Nov 12, 2024
sp1 has insufficient observation of cumulative sum Low
GHSA-8m24-3cfx-9fjw was published for sp1-recursion-circuit (Rust) Nov 8, 2024
cap-std doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024
nathaniel-daniel
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
biscuit-auth vulnerable to public key confusion in third party block Low
CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
RISC Zero zkVM notes on zero-knowledge Low
GHSA-5xgj-pmjj-gw49 was published for risc0-zkvm (Rust) Jul 15, 2024
Low severity (DoS) vulnerability in sequoia-openpgp Low
GHSA-9344-p847-qm5c was published for sequoia-openpgp (Rust) Jun 26, 2024
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
vodozemac has degraded secret zeroization capabilities Low
CVE-2024-34063 was published for vodozemac (Rust) May 3, 2024
CosmWasm affected by arithmetic overflows Low
GHSA-8724-5xmm-w5xq was published for cosmwasm-std (Rust) Apr 24, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP Low
GHSA-pr39-8257-fxc2 was published for ckb (Rust) Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API