Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,054 advisories

Loading
Resource leakage when decoding certificates and keys High
CVE-2022-1473 was published for openssl-src (Rust) May 4, 2022
pinkforest
Credited to pinkforest
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb High
GHSA-j35p-q24r-5367 was published for ckb (Rust) Apr 22, 2022
Relative Path Traversal in afire serve_static High
GHSA-3227-r97m-8j95 was published for afire (Rust) Apr 22, 2022
w-henderson
Credited to w-henderson
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Low
CVE-2022-27814 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Shinyzenith
Credited to Shinyzenith
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon Moderate
CVE-2022-27817 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 15, 2022
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
Credited to J3rry-1729
Insecure temporary file usage in SWHKD Critical
CVE-2022-27818 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
Credited to J3rry-1729
Use after free in Wasmtime High
CVE-2022-24791 was published for wasmtime (Rust) Apr 1, 2022
fitzgen cfallin
Credited to fitzgen and cfallin
Data Loss/Denial of Service in SWHKD High
CVE-2022-27816 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
Credited to Shinyzenith
Insecure Temporary File in SWHKD Critical
CVE-2022-27815 was published for Simple-Wayland-HotKey-Daemon (Rust) Mar 31, 2022
Shinyzenith
Credited to Shinyzenith
Sandbox bypass leading to arbitrary code execution in Deno Critical
CVE-2022-24783 was published for deno (Rust) Mar 29, 2022
DjDeveloperr andreubotella
aapoalas lucacasonato tdunlap607
Credited to DjDeveloperr, andreubotella, aapoalas, lucacasonato, and tdunlap607
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
Credited to rajivshah3 and michaelkedar
Rust's regex crate vulnerable to regular expression denial of service High
CVE-2022-24713 was published for regex (Rust) Mar 8, 2022
addisoncrump
Credited to addisoncrump
crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64 High
CVE-2022-23639 was published for crossbeam-utils (Rust) Feb 16, 2022
saethlin
Credited to saethlin
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals Moderate
CVE-2022-23636 was published for wasmtime (Rust) Feb 16, 2022
peterhuene
Credited to peterhuene
Buffer Overflow in galois_2p8 Critical
CVE-2022-24988 was published for galois_2p8 (Rust) Feb 15, 2022
Chrono has potential segfault issue in SPIFFE authenticator Low
GHSA-45w3-v3g4-54pm was published for parsec-service (Rust) Feb 11, 2022
Integer overflow in solana_rbpf High
CVE-2021-46102 was published for solana_rbpf (Rust) Jan 28, 2022
Denial of service in bingrep Moderate
CVE-2021-39480 was published for bingrep (Rust) Jan 28, 2022
Integer underflow in Frontier Moderate
CVE-2022-21685 was published for pallet-evm-precompile-modexp (Rust) Jan 14, 2022
Use After Free in lru High
CVE-2021-45720 was published for lru (Rust) Jan 7, 2022
Out-of-bounds Write in actix-web Critical
CVE-2018-25024 was published for actix-web (Rust) Jan 6, 2022
Use of Uninitialized Resource in smallvec High
CVE-2018-25023 was published for smallvec (Rust) Jan 6, 2022
tdunlap607
Credited to tdunlap607
Use After Free in libpulse-binding High
CVE-2018-25027 was published for libpulse-binding (Rust) Jan 6, 2022
Out-of-bounds Write in actix-web Critical
CVE-2018-25026 was published for actix-web (Rust) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database