GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
845 advisories
Filter by severity
zlib-rs stack overflow during decompression with malicious input
Moderate
GHSA-j3px-q95c-9683
was published
for
libz-rs-sys
(Rust)
Nov 14, 2024
s2n-tls has undefined behavior at process exit
Low
GHSA-rp9h-rf7g-hwgr
was published
for
s2n-tls
(Rust)
Nov 14, 2024
Mimalloc Can Allocate Memory with Bad Alignment
Moderate
GHSA-g23h-7vf9-xc25
was published
for
mimalloc
(Rust)
Nov 12, 2024
paillier-zk has ambiguous challenge derivation
Low
GHSA-fpr5-jp2j-4q2f
was published
for
paillier-zk
(Rust)
Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation
Low
GHSA-rm66-9gh4-4gp8
was published
for
cggmp21
(Rust)
Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Moderate
GHSA-pqpw-89w5-82v5
was published
for
simd-json-derive
(Rust)
Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation
Low
GHSA-7jjx-3qw9-j6h6
was published
for
cggmp21-keygen
(Rust)
Nov 12, 2024
`fast-float` has multiple soundness issues
Low
GHSA-x8jh-xj3x-gx3c
was published
for
fast-float
(Rust)
Nov 12, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
sp1 has insufficient observation of cumulative sum
Low
GHSA-8m24-3cfx-9fjw
was published
for
sp1-recursion-circuit
(Rust)
Nov 8, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
Wasmtime doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51745
was published
for
wasmtime
(Rust)
Nov 5, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
Moderate
GHSA-f77q-r5qm-w4m8
was published
for
sp1-recursion-gnark-ffi
(Rust)
Oct 29, 2024
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
CVE-2024-9979
was published
for
pyo3
(Rust)
Oct 15, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
GHSA-f8x4-f32r-w556
was published
for
pyo3
(Rust)
Oct 15, 2024
•
withdrawn
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Low
CVE-2024-47813
was published
for
wasmtime
(Rust)
Oct 9, 2024
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
CVE-2024-47763
was published
for
wasmtime
(Rust)
Oct 9, 2024
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Moderate
GHSA-pfr9-2p92-qrhq
was published
for
dbn
(Rust)
Oct 9, 2024
Improper Authorization in Select Permissions
High
GHSA-9722-9j67-vjcr
was published
for
surrealdb
(Rust)
Oct 8, 2024
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
High
GHSA-qjrv-v6qp-x99x
was published
for
surrealdb
(Rust)
Oct 8, 2024
async-graphql Directive Overload
High
CVE-2024-47614
was published
for
async-graphql
(Rust)
Oct 3, 2024
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
CVE-2024-21530
was published
for
cocoon
(Rust)
Oct 2, 2024
Tonic has remotely exploitable denial of service vulnerability
Moderate
CVE-2024-47609
was published
for
tonic
(Rust)
Oct 1, 2024
ProTip!
Advisories are also available from the
GraphQL API