Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

348 advisories

Loading
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
LeoDog896
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read High
GHSA-9qwg-crg9-m2vc was published for openssl (Rust) Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference High
GHSA-6hcf-g6gr-hhcr was published for openssl (Rust) Mar 24, 2023
Frontier's modexp precompile is slow for even modulus High
CVE-2023-28431 was published for pallet-evm-precompile-modexp (Rust) Mar 21, 2023
guidovranken
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions High
CVE-2023-0216 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex` High
CVE-2022-4450 was published for openssl-src (Rust) Feb 8, 2023
michaelkedar
openssl-src subject to NULL dereference validating DSA public key High
CVE-2023-0217 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification High
CVE-2023-0401 was published for openssl-src (Rust) Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
ehe9991
Warp vulnerable to Path Traversal via Improper validation of Windows paths High
GHSA-8v4j-7jgf-5rg9 was published for warp (Rust) Jan 31, 2023
tdunlap607
Deno is vulnerable to race condition via interactive permission prompt spoofing High
CVE-2023-22499 was published for deno (Rust) Jan 20, 2023
LeoDog896 another-rex
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow High
CVE-2023-22895 was published for bzip2 (Rust) Jan 10, 2023
tdunlap607
Denial of service by double-checked locking in openssl-src High
CVE-2022-3996 was published for openssl-src (Rust) Dec 13, 2022
AlmogApiiro westonsteimel
Creator Verification Error when Bubblegum Activate High
GHSA-8r76-fr72-j32w was published for mpl-bubblegum (Rust) Dec 12, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Wasmtime may have data leakage between instances in the pooling allocator High
CVE-2022-39393 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
X.509 Email Address Variable Length Buffer Overflow High
CVE-2022-3786 was published for openssl-src (Rust) Nov 1, 2022
conduit-hyper vulnerable to Denial of Service from unchecked request length High
CVE-2022-39294 was published for conduit-hyper (Rust) Oct 31, 2022
Using a Custom Cipher with `NID_undef` may lead to NULL encryption High
CVE-2022-3358 was published for openssl-src (Rust) Oct 11, 2022
Exposure of sensitive Slack webhook URLs in debug logs and traces High
CVE-2022-39292 was published for slack-morphism (Rust) Oct 10, 2022
WASM3 Improper Input Validation vulnerability High
CVE-2022-39974 was published for pywasm3 (pip) Sep 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database