GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
348 advisories
Filter by severity
mozjpeg DecompressScanlines::read_scanlines is Unsound
High
GHSA-v8gq-5grq-9728
was published
for
mozjpeg
(Rust)
Sep 16, 2022
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
High
CVE-2022-36086
was published
for
linked_list_allocator
(Rust)
Sep 16, 2022
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
Duplicate of GHSA-m77f-652q-wwp4
High
GHSA-2gg5-7c4v-6xx2
was published
for
axum-core
(Rust)
Sep 15, 2022
•
withdrawn
NLnet Labs Routinator has Reachable Assertion vulnerability
High
CVE-2022-3029
was published
for
routinator
(Rust)
Sep 14, 2022
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
High
GHSA-c439-chv8-8g2j
was published
for
os_socketaddr
(Rust)
Sep 2, 2022
opcua Vulnerable to Out-of-bounds Write
High
CVE-2022-25903
was published
for
opcua
(Rust)
Aug 25, 2022
Uncontrolled Resource Consumption in opcua
High
CVE-2022-25888
was published
for
opcua
(Rust)
Aug 24, 2022
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
High
GHSA-h864-m8vm-3xvj
was published
for
oqs
(Rust)
Aug 18, 2022
tower-http's improper validation of Windows paths could lead to directory traversal attack
High
GHSA-qrqq-9c63-xfrg
was published
for
tower-http
(Rust)
Aug 11, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK corrupted data read can cause crash
High
CVE-2022-36125
was published
for
apache-avro
(Rust)
Aug 10, 2022
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
High
CVE-2022-35724
was published
for
apache-avro
(Rust)
Aug 10, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
`libsqlite3-sys` via C SQLite improperly validates array index
High
CVE-2022-35737
was published
for
libsqlite3-sys
(Rust)
Aug 4, 2022
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
CVE-2022-31173
was published
for
juniper
(Rust)
Jul 29, 2022
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
High
GHSA-xq3c-8gqm-v648
was published
for
async-graphql
(Rust)
Jul 29, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
High
GHSA-r45x-ghr2-qjxc
was published
for
zeroize_derive
(Rust)
Jun 17, 2022
•
withdrawn
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
High
GHSA-3pp4-64mp-9cg9
was published
for
tremor-script
(Rust)
Jun 17, 2022
Data race in `Iter` and `IterMut`
High
GHSA-9hpw-r23r-xgm5
was published
for
thread_local
(Rust)
Jun 17, 2022
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
High
GHSA-6692-8qqf-79jc
was published
for
tectonic_xdv
(Rust)
Jun 17, 2022
Miscomputed sha2 results when using AVX2 backend
High
GHSA-xpww-g9jx-hp8r
was published
for
sha2
(Rust)
Jun 17, 2022
Incorrect Lifetime Bounds on Closures in `rusqlite`
High
GHSA-q89g-4vhh-mvvm
was published
for
rusqlite
(Rust)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API