GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Moderate
GHSA-jp37-5qhw-mffw
was published
for
sharks
(Rust)
Nov 18, 2024
zlib-rs stack overflow during decompression with malicious input
Moderate
GHSA-j3px-q95c-9683
was published
for
libz-rs-sys
(Rust)
Nov 14, 2024
Mimalloc Can Allocate Memory with Bad Alignment
Moderate
GHSA-g23h-7vf9-xc25
was published
for
mimalloc
(Rust)
Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Moderate
GHSA-pqpw-89w5-82v5
was published
for
simd-json-derive
(Rust)
Nov 12, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
loona-hpack Panic Vulnerability
Moderate
CVE-2024-51502
was published
for
loona-hpack
(Rust)
Nov 4, 2024
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
Moderate
GHSA-f77q-r5qm-w4m8
was published
for
sp1-recursion-gnark-ffi
(Rust)
Oct 29, 2024
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
CVE-2024-9979
was published
for
pyo3
(Rust)
Oct 15, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
GHSA-f8x4-f32r-w556
was published
for
pyo3
(Rust)
Oct 15, 2024
•
withdrawn
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
CVE-2024-47763
was published
for
wasmtime
(Rust)
Oct 9, 2024
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Moderate
GHSA-pfr9-2p92-qrhq
was published
for
dbn
(Rust)
Oct 9, 2024
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
CVE-2024-21530
was published
for
cocoon
(Rust)
Oct 2, 2024
Tonic has remotely exploitable denial of service vulnerability
Moderate
CVE-2024-47609
was published
for
tonic
(Rust)
Oct 1, 2024
Ouch! allows a segmentation fault due to use of uninitialized memory
Moderate
GHSA-2wq5-g96f-mv3v
was published
for
ouch
(Rust)
Sep 23, 2024
gix-path improperly resolves configuration path reported by Git
Moderate
CVE-2024-45405
was published
for
gix-path
(Rust)
Sep 6, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS)
Moderate
CVE-2024-45389
was published
for
@pagefind/default-ui
(npm)
Sep 3, 2024
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Moderate
GHSA-75qh-gg76-p2w4
was published
for
cosmwasm-vm
(Go)
Aug 27, 2024
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
Moderate
GHSA-xmrp-424f-vfpx
was published
for
sqlx
(Rust)
Aug 19, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Stack overflow when parsing specially crafted JSON ABI strings
Moderate
GHSA-8327-84cj-8xjm
was published
for
alloy-json-abi
(Rust)
Aug 15, 2024
s2n-tls's mTLS API ordering may skip client authentication
Moderate
GHSA-857q-xmph-p2v5
was published
for
s2n-tls
(Rust)
Aug 9, 2024
Gas mispricing in cosmwasm-vm
Moderate
GHSA-rg2q-2jh9-447q
was published
for
cosmwasm-vm
(Go)
Aug 8, 2024
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Moderate
CVE-2024-41178
was published
for
object_store
(Rust)
Jul 23, 2024
openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Moderate
GHSA-q445-7m23-qrmw
was published
for
openssl
(Rust)
Jul 22, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
ProTip!
Advisories are also available from the
GraphQL API