Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

275 advisories

Loading
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding Moderate
CVE-2024-1765 was published for quiche (Rust) Mar 13, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits Moderate
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
IvanGoncharov Geal
peakematt
*const c_void / ExternalPointer unsoundness leading to use-after-free Moderate
CVE-2024-27934 was published for Deno (Rust) Mar 6, 2024
leesh3288
Deno's improper suffix match testing for DENO_AUTH_TOKENS Moderate
CVE-2024-27932 was published for deno (Rust) Mar 6, 2024
easrng mmastrac
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64 Moderate
GHSA-3xc6-7h59-j2x4 was published for eza (Rust) Mar 6, 2024 withdrawn
Insufficient permission checking in `Deno.makeTemp*` APIs Moderate
CVE-2024-27931 was published for deno (Rust) Mar 5, 2024
ericcornelissen mmastrac
Uncaught Exception in Macro Expecting Native Function to Exist Moderate
GHSA-6wr5-jmpr-mjcx was published for surrealdb (Rust) Feb 21, 2024
idofilus
Uncaught Exception Handling Parsing Errors on Line Terminators Moderate
GHSA-8xff-473h-f863 was published for surrealdb (Rust) Feb 21, 2024
Cheyenne1025
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Svix vulnerable to improper comparison of different-length signatures Moderate
GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024
Nervos CKB Permit load cell data from memory Moderate
GHSA-29c2-65rj-h343 was published for ckb (Rust) Feb 3, 2024
Nervos CKB Pool does not remove the conflicting transactions from the statistics Moderate
GHSA-h4c3-5275-vrmg was published for ckb (Rust) Feb 3, 2024
Use after free in libpulse-binding Moderate
GHSA-f56g-chqp-22m9 was published for libpulse-binding (Rust) Feb 3, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block Moderate
GHSA-r9rv-9mh8-pxf4 was published for ckb (Rust) Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference Moderate
GHSA-q669-2vfg-cxcg was published for ckb (Rust) Feb 2, 2024
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
Unauthenticated Nonce Increment in snow Moderate
GHSA-7g9j-g5jg-3vv3 was published for snow (Rust) Jan 24, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client Moderate
CVE-2024-23644 was published for trillium-client (Rust) Jan 24, 2024
divergentdave
Use-after-free when setting the locale Moderate
GHSA-c8v3-jhv9-4ppc was published for rust-i18n-support (Rust) Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone Moderate
GHSA-w59h-378f-2frm was published for threadalone (Rust) Jan 23, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS) Moderate
GHSA-8r5v-vm4m-4g25 was published for h2 (Rust) Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing Moderate
GHSA-6r8p-hpg7-825g was published for surrealdb (Rust) Jan 18, 2024
Uncaught Exception in surrealdb Moderate
GHSA-jm4v-58r5-66hj was published for surrealdb (Rust) Jan 18, 2024
Tu0Laj1 jabis
use-after-free in tracing Moderate
GHSA-8f24-6m29-wm2r was published for tracing (Rust) Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential Moderate
CVE-2024-21670 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
ProTip! Advisories are also available from the GraphQL API