GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
panic on parsing crafted phonenumber inputs
Critical
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
Potential memory corruption in arrayfire
Critical
CVE-2018-20998
was published
for
arrayfire
(pip)
Aug 25, 2021
Type confusion if __private_get_type_id__ is overriden
Critical
CVE-2020-25575
was published
for
failure
(Rust)
Jun 16, 2022
SM2 Decryption Buffer Overflow
Critical
CVE-2021-3711
was published
for
openssl-src
(Rust)
May 24, 2022
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Critical
CVE-2024-3584
was published
for
qdrant
(Rust)
Jun 2, 2024
Spin applications with specific configuration vulnerable to potential network sandbox escape
Critical
CVE-2024-32980
was published
for
spin-sdk
(Rust)
May 8, 2024
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Critical
CVE-2024-32971
was published
for
apollo-router
(Rust)
May 2, 2024
transpose: Buffer overflow due to integer overflow
Critical
GHSA-5gmm-6m36-r7jh
was published
for
transpose
(Rust)
Apr 5, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
openssl-src contains Read Buffer Overflow in X.509 Name Constraint
Critical
CVE-2022-4203
was published
for
openssl-src
(Rust)
Feb 8, 2023
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Critical
GHSA-q73f-w3h7-7wcc
was published
for
ckb
(Rust)
Feb 3, 2024
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Out of bounds access in lucet-runtime-internals
Critical
CVE-2020-35859
was published
for
lucet-runtime-internals
(Rust)
Aug 25, 2021
Rust Failure Crate Vulnerable to Type confusion
Critical
CVE-2019-25010
was published
for
failure
(Rust)
Aug 25, 2021
Buffer overflow in SmallVec::insert_many
Critical
CVE-2021-25900
was published
for
smallvec
(Rust)
May 24, 2022
Incorrect Comparison in sodiumoxide
Critical
CVE-2019-25002
was published
for
sodiumoxide
(Rust)
Aug 25, 2021
X.509 Email Address 4-byte Buffer Overflow
Critical
CVE-2022-3602
was published
for
openssl-src
(Rust)
Nov 1, 2022
ProTip!
Advisories are also available from the
GraphQL API