GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
851 advisories
Filter by severity
cassandra-rs's non-idiomatic use of iterators leads to use after free
High
CVE-2024-27284
was published
for
cassandra-cpp
(Rust)
Apr 5, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
aliyundrive-webdav vulnerable to Command Injection
High
CVE-2024-29640
was published
for
aliyundrive-webdav
(pip)
Mar 29, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Moderate
CVE-2024-1765
was published
for
quiche
(Rust)
Mar 13, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Critical
CVE-2024-28123
was published
for
wasmi
(Rust)
Mar 7, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
*const c_void / ExternalPointer unsoundness leading to use-after-free
Moderate
CVE-2024-27934
was published
for
Deno
(Rust)
Mar 6, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Moderate
CVE-2024-27932
was published
for
deno
(Rust)
Mar 6, 2024
Duplicate Advisory: eza Potential Heap Overflow Vulnerability for AArch64
Moderate
GHSA-3xc6-7h59-j2x4
was published
for
eza
(Rust)
Mar 6, 2024
•
withdrawn
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High
CVE-2024-27935
was published
for
deno
(Rust)
Mar 5, 2024
Insufficient permission checking in `Deno.makeTemp*` APIs
Moderate
CVE-2024-27931
was published
for
deno
(Rust)
Mar 5, 2024
Mio's tokens for named pipes may be delivered after deregistration
High
CVE-2024-27308
was published
for
mio
(Rust)
Mar 4, 2024
Externally Controlled Format String in Scripting Functions
High
GHSA-q3gg-m8hr-h4x4
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception in Macro Expecting Native Function to Exist
Moderate
GHSA-6wr5-jmpr-mjcx
was published
for
surrealdb
(Rust)
Feb 21, 2024
Uncaught Exception Handling Parsing Errors on Line Terminators
Moderate
GHSA-8xff-473h-f863
was published
for
surrealdb
(Rust)
Feb 21, 2024
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
High
GHSA-22q8-ghmq-63vf
was published
for
libgit2-sys
(Rust)
Feb 12, 2024
pqc_kyber KyberSlash: division timings depending on secrets
High
GHSA-x5j2-g63m-f8g4
was published
for
pqc_kyber
(Rust)
Feb 9, 2024
serde-json-wasm stack overflow during recursive JSON parsing
High
GHSA-rr69-rxr6-8qwf
was published
for
serde-json-wasm
(Rust)
Feb 9, 2024
eza Potential Heap Overflow Vulnerability for AArch64
High
CVE-2024-25817
was published
for
eza
(Rust)
Feb 8, 2024
Svix vulnerable to improper comparison of different-length signatures
Moderate
GHSA-w277-wpqf-rcfv
was published
for
svix
(Rust)
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API