Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
urlnorm vulnerable to Regular Expression Denial of Service High
CVE-2023-33289 was published for urlnorm (Rust) Jun 21, 2023
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
redsun82 kevinbackhouse
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
LeoDog896
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read High
GHSA-9qwg-crg9-m2vc was published for openssl (Rust) Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference High
GHSA-6hcf-g6gr-hhcr was published for openssl (Rust) Mar 24, 2023
Frontier's modexp precompile is slow for even modulus High
CVE-2023-28431 was published for pallet-evm-precompile-modexp (Rust) Mar 21, 2023
guidovranken
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service High
GHSA-xr9w-x6gw-c9mj was published for deno (Rust) Feb 25, 2023 withdrawn
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions High
CVE-2023-0216 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains Double free after calling `PEM_read_bio_ex` High
CVE-2022-4450 was published for openssl-src (Rust) Feb 8, 2023
michaelkedar
openssl-src subject to NULL dereference validating DSA public key High
CVE-2023-0217 was published for openssl-src (Rust) Feb 8, 2023
openssl-src contains `NULL` dereference during PKCS7 data verification High
CVE-2023-0401 was published for openssl-src (Rust) Feb 8, 2023
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
ehe9991
Warp vulnerable to Path Traversal via Improper validation of Windows paths High
GHSA-8v4j-7jgf-5rg9 was published for warp (Rust) Jan 31, 2023
tdunlap607
Deno is vulnerable to race condition via interactive permission prompt spoofing High
CVE-2023-22499 was published for deno (Rust) Jan 20, 2023
LeoDog896 another-rex
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow High
CVE-2023-22895 was published for bzip2 (Rust) Jan 10, 2023
tdunlap607
Denial of service by double-checked locking in openssl-src High
CVE-2022-3996 was published for openssl-src (Rust) Dec 13, 2022
AlmogApiiro westonsteimel
Creator Verification Error when Bubblegum Activate High
GHSA-8r76-fr72-j32w was published for mpl-bubblegum (Rust) Dec 12, 2022
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Wasmtime may have data leakage between instances in the pooling allocator High
CVE-2022-39393 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
ckb type_id script resume may randomly fail High
GHSA-mcmr-49x3-4jqm was published for ckb (Rust) Nov 2, 2022
X.509 Email Address Variable Length Buffer Overflow High
CVE-2022-3786 was published for openssl-src (Rust) Nov 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database