GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
panic on parsing crafted phonenumber inputs
Critical
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Critical
CVE-2024-32971
was published
for
apollo-router
(Rust)
May 2, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Critical
GHSA-q73f-w3h7-7wcc
was published
for
ckb
(Rust)
Feb 3, 2024
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Deno improperly handles resizable ArrayBuffer
Critical
CVE-2023-28445
was published
for
Deno
(Rust)
Mar 23, 2023
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Critical
CVE-2023-26489
was published
for
cranelift-codegen
(Rust)
Mar 9, 2023
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical
CVE-2022-4203
was published
for
openssl-src
(Rust)
Feb 8, 2023
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
ckb: Transaction header_deps validation issue (network forking)
Critical
GHSA-7fw6-6mfj-g3q2
was published
for
ckb
(Rust)
Nov 2, 2022
X.509 Email Address 4-byte Buffer Overflow
Critical
CVE-2022-3602
was published
for
openssl-src
(Rust)
Nov 1, 2022
wee_alloc is Unmaintained
Critical
GHSA-rc23-xxgq-x27g
was published
for
wee_alloc
(Rust)
Sep 16, 2022
traitobject is Unmaintained
Critical
GHSA-pp8r-vv2j-9j5v
was published
for
traitobject
(Rust)
Sep 16, 2022
lz4-sys vulnerable to memory corruption via issue in liblz4
Critical
GHSA-9q5j-jm53-v7vr
was published
for
lz4-sys
(Rust)
Sep 1, 2022
openssl-src heap memory corruption with RSA private key operation
Critical
CVE-2022-2274
was published
for
openssl-src
(Rust)
Jul 2, 2022
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
Delegate functions are missing `Send` bound
Critical
GHSA-x4mq-m75f-mx8m
was published
for
windows
(Rust)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API