GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
872 advisories
Filter by severity
Nervos CKB Snappy decompress length can be very large and causes out of memory error
High
GHSA-3gjh-29fv-8hr6
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB Panic on malformed input
High
GHSA-wjxc-pjx9-4wvm
was published
for
ckb
(Rust)
Feb 3, 2024
Nervos CKB node panics when processing a block which parent timestamp is too new
High
GHSA-hjqq-29pw-96wj
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Moderate
GHSA-r9rv-9mh8-pxf4
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Low
GHSA-pr39-8257-fxc2
was published
for
ckb
(Rust)
Feb 2, 2024
Nervos CKB Unaligned Pointer Dereference
Moderate
GHSA-q669-2vfg-cxcg
was published
for
ckb
(Rust)
Feb 2, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability
Low
CVE-2022-39394
was published
for
wasmtime
(Rust)
Feb 1, 2024
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
Any authenticated user may obtain private message details from other users on the same instance
High
CVE-2024-23649
was published
for
lemmy_server
(Rust)
Jan 24, 2024
Unauthenticated Nonce Increment in snow
Moderate
GHSA-7g9j-g5jg-3vv3
was published
for
snow
(Rust)
Jan 24, 2024
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Moderate
CVE-2024-23644
was published
for
trillium-client
(Rust)
Jan 24, 2024
Use-after-free when setting the locale
Moderate
GHSA-c8v3-jhv9-4ppc
was published
for
rust-i18n-support
(Rust)
Jan 23, 2024
Unsound sending of non-Send types across threads in threadalone
Moderate
GHSA-w59h-378f-2frm
was published
for
threadalone
(Rust)
Jan 23, 2024
Multiple issues involving quote API in shlex
High
GHSA-r7qv-8r2h-pg27
was published
for
shlex
(Rust)
Jan 22, 2024
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
High
GHSA-58j9-j2fj-v8f4
was published
for
surrealdb
(Rust)
Jan 19, 2024
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Moderate
GHSA-8r5v-vm4m-4g25
was published
for
h2
(Rust)
Jan 19, 2024
Uncontrolled Recursion in SurrealQL Parsing
Moderate
GHSA-6r8p-hpg7-825g
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception processing HTTP Headers in SurrealDB
High
GHSA-m24x-r6q3-2vp9
was published
for
surrealdb
(Rust)
Jan 18, 2024
Uncaught Exception in surrealdb
Moderate
GHSA-jm4v-58r5-66hj
was published
for
surrealdb
(Rust)
Jan 18, 2024
use-after-free in tracing
Moderate
GHSA-8f24-6m29-wm2r
was published
for
tracing
(Rust)
Jan 17, 2024
ferris-says has undefined behavior when not using UTF-8
Low
GHSA-v363-rrf2-5fmj
was published
for
ferris-says
(Rust)
Jan 17, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
ProTip!
Advisories are also available from the
GraphQL API