Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

778 advisories

serde-json-wasm stack overflow during recursive JSON parsing High
GHSA-rr69-rxr6-8qwf was published for serde-json-wasm (Rust) Feb 9, 2024
eza Potential Heap Overflow Vulnerability for AArch64 High
CVE-2024-25817 was published for eza (Rust) Feb 8, 2024
CuB3y0nd FuzzyLitchi
cafkafk inspector-ambitious
Svix vulnerable to improper comparison of different-length signatures Moderate
GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024
Nervos CKB Permit load cell data from memory Moderate
GHSA-29c2-65rj-h343 was published for ckb (Rust) Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics Moderate
GHSA-h4c3-5275-vrmg was published for ckb (Rust) Feb 3, 2024
Use after free in libpulse-binding Moderate
GHSA-f56g-chqp-22m9 was published for libpulse-binding (Rust) Feb 3, 2024
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result Critical
GHSA-q73f-w3h7-7wcc was published for ckb (Rust) Feb 3, 2024
Nervos CKB Snappy decompress length can be very large and causes out of memory error High
GHSA-3gjh-29fv-8hr6 was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB Panic on malformed input High
GHSA-wjxc-pjx9-4wvm was published for ckb (Rust) Feb 3, 2024
quake
Nervos CKB node panics when processing a block which parent timestamp is too new High
GHSA-hjqq-29pw-96wj was published for ckb (Rust) Feb 2, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block Moderate
GHSA-r9rv-9mh8-pxf4 was published for ckb (Rust) Feb 2, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP Low
GHSA-pr39-8257-fxc2 was published for ckb (Rust) Feb 2, 2024
Nervos CKB P2P DoS Attacks Critical
GHSA-84x2-2qv6-qg56 was published for ckb (Rust) Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference Moderate
GHSA-q669-2vfg-cxcg was published for ckb (Rust) Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability Low
CVE-2022-39394 was published for wasmtime (Rust) Feb 1, 2024
kpreisser
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
Any authenticated user may obtain private message details from other users on the same instance High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024
Nothing4You
Unauthenticated Nonce Increment in snow Moderate
GHSA-7g9j-g5jg-3vv3 was published for snow (Rust) Jan 24, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Use-after-free when setting the locale Moderate
GHSA-c8v3-jhv9-4ppc was published for rust-i18n-support (Rust) Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone Moderate
GHSA-w59h-378f-2frm was published for threadalone (Rust) Jan 23, 2024
Multiple issues involving quote API in shlex High
GHSA-r7qv-8r2h-pg27 was published for shlex (Rust) Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface High
GHSA-58j9-j2fj-v8f4 was published for surrealdb (Rust) Jan 19, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Moderate
GHSA-8r5v-vm4m-4g25 was published for h2 (Rust) Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
ProTip! Advisories are also available from the GraphQL API