Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,730
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

778 advisories

eyre: Parts of Report are dropped as the wrong type during downcast High
GHSA-4v52-7q2x-v4xj was published for eyre (Rust) Apr 5, 2024
HPACK decoder panics on invalid input High
GHSA-w7hm-hmxv-pvhf was published for hpack (Rust) Apr 5, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
aliyundrive-webdav vulnerable to Command Injection High
CVE-2024-29640 was published for aliyundrive-webdav (pip) Mar 29, 2024
tls-listener affected by the slow loris vulnerability with default configuration High
CVE-2024-28854 was published for tls-listener (Rust) Mar 15, 2024
conradludgate
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding Moderate
CVE-2024-1765 was published for quiche (Rust) Mar 13, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement Low
CVE-2024-1410 was published for quiche (Rust) Mar 13, 2024
marten-seemann
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters Critical
CVE-2024-28123 was published for wasmi (Rust) Mar 7, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
*const c_void / ExternalPointer unsoundness leading to use-after-free Moderate
CVE-2024-27934 was published for Deno (Rust) Mar 6, 2024
leesh3288
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass High
CVE-2024-27933 was published for deno (Rust) Mar 6, 2024
leesh3288
Deno's improper suffix match testing for DENO_AUTH_TOKENS Moderate
CVE-2024-27932 was published for deno (Rust) Mar 6, 2024
easrng mmastrac
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64 Moderate
GHSA-3xc6-7h59-j2x4 was published for eza (Rust) Mar 6, 2024 withdrawn
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping High
CVE-2024-27936 was published for deno (Rust) Mar 5, 2024
Ry0taK westonsteimel
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination High
CVE-2024-27935 was published for deno (Rust) Mar 5, 2024
mmastrac
Insufficient permission checking in `Deno.makeTemp*` APIs Moderate
CVE-2024-27931 was published for deno (Rust) Mar 5, 2024
ericcornelissen mmastrac
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
Externally Controlled Format String in Scripting Functions High
GHSA-q3gg-m8hr-h4x4 was published for surrealdb (Rust) Feb 21, 2024
akkie
Uncaught Exception in Macro Expecting Native Function to Exist Moderate
GHSA-6wr5-jmpr-mjcx was published for surrealdb (Rust) Feb 21, 2024
idofilus
Uncaught Exception Handling Parsing Errors on Line Terminators Moderate
GHSA-8xff-473h-f863 was published for surrealdb (Rust) Feb 21, 2024
Cheyenne1025
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2 High
GHSA-22q8-ghmq-63vf was published for libgit2-sys (Rust) Feb 12, 2024
pqc_kyber KyberSlash: division timings depending on secrets High
GHSA-x5j2-g63m-f8g4 was published for pqc_kyber (Rust) Feb 9, 2024
ProTip! Advisories are also available from the GraphQL API