Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,426 advisories

Loading
Data races in atom Moderate
CVE-2020-35897 was published for atom (Rust) Aug 25, 2021
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr Moderate
CVE-2020-35886 was published for arr (Rust) Aug 25, 2021
Data races in rulinalg Critical
CVE-2020-35879 was published for rulinalg (Rust) Aug 25, 2021
Data races in rocket High
CVE-2020-35882 was published for rocket (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35866 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35867 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35868 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite High
CVE-2020-35871 was published for rusqlite (Rust) Aug 25, 2021
Use after free in internment High
CVE-2020-35874 was published for internment (Rust) Aug 25, 2021
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
klaudialax
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
opencontainers runc contains procfs race condition with a shared volume mount Moderate
CVE-2019-19921 was published for github.com/opencontainers/runc (Go) May 27, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Moderate
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible High
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
cookie-signature Timing Attack Moderate
CVE-2016-1000236 was published for cookie-signature (npm) Jan 6, 2020
In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate
CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019
Webargs mishandles concurrent JSON parsing High
CVE-2019-9710 was published for webargs (pip) Mar 12, 2019
Race condition in org.apache.hbase:hbase-thrift High
CVE-2018-8025 was published for org.apache.hbase:hbase-thrift (Maven) Oct 18, 2018
MarkLee131
Apache Tomcat Race Condition vulnerability Moderate
CVE-2018-8037 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
private_address_check contains race condition High
CVE-2018-3759 was published for private_address_check (RubyGems) Jul 31, 2018
Plone and Zope2 affected by Race Condition High
CVE-2012-5507 was published for Plone (pip) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database