Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

830 advisories

Loading
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
GHSA-f8x4-f32r-w556 was published for pyo3 (Rust) Oct 15, 2024 withdrawn
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references Moderate
CVE-2024-9979 was published for pyo3 (Rust) Oct 15, 2024
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen alexcrichton
wasmtime has a runtime crash when combining tail calls with trapping imports Moderate
CVE-2024-47763 was published for wasmtime (Rust) Oct 9, 2024
alexcrichton fitzgen
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function Moderate
GHSA-pfr9-2p92-qrhq was published for dbn (Rust) Oct 9, 2024
Improper Authorization in Select Permissions High
GHSA-9722-9j67-vjcr was published for surrealdb (Rust) Oct 8, 2024
5hanth Xkonti
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings High
GHSA-qjrv-v6qp-x99x was published for surrealdb (Rust) Oct 8, 2024
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
knassar702
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Denial of service by double-checked locking in openssl-src High
CVE-2022-3996 was published for openssl-src (Rust) Dec 13, 2022
AlmogApiiro westonsteimel
cocoon Reuses a Nonce, Key Pair in Encryption Moderate
CVE-2024-21530 was published for cocoon (Rust) Oct 2, 2024
Tonic has remotely exploitable denial of service vulnerability Moderate
CVE-2024-47609 was published for tonic (Rust) Oct 1, 2024
Ouch! allows a segmentation fault due to use of uninitialized memory Moderate
GHSA-2wq5-g96f-mv3v was published for ouch (Rust) Sep 23, 2024
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands High
CVE-2024-41815 was published for starship (Rust) Jul 26, 2024
evanbattaglia
gix-path improperly resolves configuration path reported by Git Moderate
CVE-2024-45405 was published for gix-path (Rust) Sep 6, 2024
EliahKagan
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
Multiple soundness issues in lexical Low
GHSA-c2hm-mjxv-89r4 was published for lexical (Rust) Sep 4, 2023
Integer overflow in the bundled Brotli C library Moderate
CVE-2020-8927 was published for Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm (NuGet) May 24, 2022
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries High
CVE-2024-43414 was published for @apollo/gateway (npm) Aug 27, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
BER/CER/DER decoder panics on invalid input High
CVE-2023-39914 was published for bcder (Rust) Sep 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database