GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
CVE-2024-47763
was published
for
wasmtime
(Rust)
Oct 9, 2024
Gas mispricing in cosmwasm-vm
Moderate
GHSA-rg2q-2jh9-447q
was published
for
cosmwasm-vm
(Go)
Aug 8, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
gix refs and paths with reserved Windows device names access the devices
Moderate
CVE-2024-35197
was published
for
gitoxide
(Rust)
May 22, 2024
gix-transport code execution vulnerability
Moderate
GHSA-rrjw-j4m2-mf34
was published
for
gix-transport
(Rust)
Sep 25, 2023
iFrames Bypass Origin Checks for Tauri API Access Control
Moderate
CVE-2024-35222
was published
for
tauri
(Rust)
May 23, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Moderate
CVE-2024-22192
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Moderate
CVE-2024-21670
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
openssl-src NULL pointer Dereference in signature_algorithms processing
Moderate
CVE-2021-3449
was published
for
openssl-src
(Rust)
Aug 25, 2021
Cargo extracting malicious crates can fill the file system
Moderate
CVE-2022-36114
was published
for
cargo
(Rust)
Sep 16, 2022
matrix-sdk-crypto contains potential impersonation via room key forward responses
Moderate
CVE-2022-39252
was published
for
matrix-sdk-crypto
(Rust)
Sep 30, 2022
Validity check missing in Frontier
Moderate
CVE-2021-41138
was published
for
Frontier
(Rust)
Oct 13, 2021
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Moderate
CVE-2022-46149
was published
for
capnp
(Rust)
Dec 5, 2022
ELF header parsing library doesn't check for valid offset
Moderate
GHSA-g6pw-999w-j75m
was published
for
elf_rs
(Rust)
Jan 20, 2023
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
GHSA-5wvv-q5fv-2388
was published
for
hyper-staticfile
(Rust)
Dec 30, 2022
ProTip!
Advisories are also available from the
GraphQL API