Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

880 advisories

Loading
Mimalloc Can Allocate Memory with Bad Alignment Moderate
GHSA-g23h-7vf9-xc25 was published for mimalloc (Rust) Nov 12, 2024
paillier-zk has ambiguous challenge derivation Low
GHSA-fpr5-jp2j-4q2f was published for paillier-zk (Rust) Nov 12, 2024
cggmp21 vulnerable to ambiguous challenge derivation Low
GHSA-rm66-9gh4-4gp8 was published for cggmp21 (Rust) Nov 12, 2024
`simd-json-derive` vulnerable to `MaybeUninit` misuse Moderate
GHSA-pqpw-89w5-82v5 was published for simd-json-derive (Rust) Nov 12, 2024
cggmp21-keygen has ambiguous challenge derivation Low
GHSA-7jjx-3qw9-j6h6 was published for cggmp21-keygen (Rust) Nov 12, 2024
`fast-float` has multiple soundness issues Low
GHSA-x8jh-xj3x-gx3c was published for fast-float (Rust) Nov 12, 2024
sp1 has insufficient observation of cumulative sum Low
GHSA-8m24-3cfx-9fjw was published for sp1-recursion-circuit (Rust) Nov 8, 2024
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen yuja
cap-std doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51756 was published for cap-async-std (Rust) Nov 5, 2024
nathaniel-daniel
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
loona-hpack Panic Vulnerability Moderate
CVE-2024-51502 was published for loona-hpack (Rust) Nov 4, 2024
Tor Arti's STUB circuits incorrectly have a length of 2 High
CVE-2024-35312 was published for arti (Rust) May 18, 2024
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic Moderate
GHSA-f77q-r5qm-w4m8 was published for sp1-recursion-gnark-ffi (Rust) Oct 29, 2024
Weight not properly refunded after EVM execution Moderate
CVE-2022-39242 was published for pallet-ethereum (Rust) Sep 23, 2022
Validity check missing in Frontier Moderate
CVE-2021-41138 was published for pallet-ethereum (Rust) Oct 13, 2021
Integer underflow in Frontier Moderate
CVE-2022-21685 was published for pallet-evm-precompile-modexp (Rust) Jan 14, 2022
Incorrect parsing of EVM reversion exit reason in RPC Moderate
CVE-2022-36008 was published for fc-rpc (Rust) Aug 18, 2022
Frontier's modexp precompile is slow for even modulus High
CVE-2023-28431 was published for pallet-evm-precompile-modexp (Rust) Mar 21, 2023
guidovranken
Transaction validity oversight in pallet-ethereum Moderate
CVE-2021-39193 was published for pallet-ethereum (Rust) Sep 1, 2021
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
GHSA-f8x4-f32r-w556 was published for pyo3 (Rust) Oct 15, 2024 withdrawn
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
CVE-2024-9979 was published for pyo3 (Rust) Oct 15, 2024
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen alexcrichton
wasmtime has a runtime crash when combining tail calls with trapping imports Moderate
CVE-2024-47763 was published for wasmtime (Rust) Oct 9, 2024
alexcrichton fitzgen
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function Moderate
GHSA-pfr9-2p92-qrhq was published for dbn (Rust) Oct 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database