Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

857 advisories

Loading
op_panic in the base runtime can force a panic in the runtime's containing thread Moderate
GHSA-fwfx-rrv8-crpf was published for rustyscript (Rust) Dec 4, 2024
op_panic in the base runtime can force a panic in the runtime's containing thread Moderate
GHSA-4mw5-2636-4535 was published for js-sandbox (Rust) Dec 4, 2024
Unsoundness in anstream Moderate
GHSA-2rxc-gjrp-vjhx was published for anstream (Rust) Dec 4, 2024
Borsh serialization of HashMap is non-canonical High
GHSA-wwq9-3cpr-mm53 was published for hashbrown (Rust) Dec 4, 2024
linkme fails to ensure slice elements match the slice's declared type Low
GHSA-f95p-4cv5-8w8x was published for linkme (Rust) Dec 4, 2024
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows Moderate
CVE-2024-4435 was published for ic-stable-structures (Rust) May 21, 2024
ielashi
zlib-rs stack overflow during decompression with malicious input Moderate
GHSA-j3px-q95c-9683 was published for libz-rs-sys (Rust) Nov 14, 2024
inahga
`ruzstd` uninit and out-of-bounds memory reads Moderate
GHSA-x3f4-45xf-rjm7 was published for ruzstd (Rust) Dec 2, 2024
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
kevinbackhouse
deno_doc's HTML generator vulnerable to Cross-site Scripting Low
CVE-2024-32468 was published for deno_doc (Rust) Nov 25, 2024
NeKzor
rustls network-reachable panic in `Acceptor::accept` Moderate
GHSA-qg5g-gv98-5ffh was published for rustls (Rust) Nov 25, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
SurrealDB has an Uncaught Exception Sorting Tables by Random Order Moderate
GHSA-m52v-24p8-654f was published for surrealdb (Rust) Nov 22, 2024
finnbear extrawurst
SurrealDB has an Uncaught Exception Handling Nonexistent Role Moderate
GHSA-jc55-246c-r88f was published for surrealdb (Rust) Nov 22, 2024
garyhai
SurrealDB has an Uncaught Exception in Function Generating Random Time Moderate
GHSA-h4f5-h82v-5w4r was published for surrealdb (Rust) Nov 22, 2024
Memory access due to code generation flaw in Cranelift module High
CVE-2021-32629 was published for cranelift-codegen (pip) Aug 25, 2021
Wrong type for `Linker`-define functions when used across two `Engine`s Moderate
CVE-2021-39219 was published for wasmtime (pip) Sep 20, 2021
alexcrichton
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime Moderate
CVE-2021-39218 was published for wasmtime (pip) Sep 20, 2021
cfallin fitzgen
Use after free passing `externref`s to Wasm in Wasmtime Moderate
CVE-2021-39216 was published for wasmtime (pip) Sep 20, 2021
alexcrichton fitzgen
cfallin
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Sharks has a Bias of Polynomial Coefficients in Secret Sharing Moderate
GHSA-jp37-5qhw-mffw was published for sharks (Rust) Nov 18, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material Moderate
CVE-2024-40640 was published for vodozemac (Rust) Jul 17, 2024
gix-path can use a fake program files location High
CVE-2024-40644 was published for gix-path (Rust) Jul 18, 2024
EliahKagan
panic on parsing crafted phonenumber inputs Critical
CVE-2024-39697 was published for phonenumber (Rust) Jul 9, 2024
rubdos
s2n-tls has undefined behavior at process exit Low
GHSA-rp9h-rf7g-hwgr was published for s2n-tls (Rust) Nov 14, 2024
ProTip! Advisories are also available from the GraphQL API