GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+
334 advisories
Filter by severity
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
High
CVE-2024-43783
was published
for
apollo-router
(Rust)
Aug 27, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
High
CVE-2024-43414
was published
for
@apollo/gateway
(npm)
Aug 27, 2024
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
High
GHSA-wq9x-qwcq-mmgf
was published
for
diesel
(Rust)
Aug 23, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount
High
CVE-2024-43410
was published
for
russh
(Rust)
Aug 14, 2024
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
High
CVE-2024-43367
was published
for
boa_engine
(Rust)
Aug 14, 2024
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
High
CVE-2024-41815
was published
for
starship
(Rust)
Jul 26, 2024
panic on parsing crafted phonenumber inputs
High
CVE-2024-39697
was published
for
phonenumber
(Rust)
Jul 9, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
Tor Arti's STUB circuits incorrectly have a length of 2
High
CVE-2024-35312
was published
for
arti
(Rust)
May 18, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
Denial of Service Vulnerability in Rustls Library
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
crayon: ObjectPool creates uninitialized memory when freeing objects
High
GHSA-xfhw-6mc4-mgxf
was published
for
crayon
(Rust)
Apr 5, 2024
whoami stack buffer overflow on several Unix platforms
High
GHSA-w5w5-8vfh-xcjq
was published
for
whoami
(Rust)
Apr 5, 2024
eyre: Parts of Report are dropped as the wrong type during downcast
High
GHSA-4v52-7q2x-v4xj
was published
for
eyre
(Rust)
Apr 5, 2024
HPACK decoder panics on invalid input
High
GHSA-w7hm-hmxv-pvhf
was published
for
hpack
(Rust)
Apr 5, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free
High
CVE-2024-27284
was published
for
cassandra-cpp
(Rust)
Apr 5, 2024
aliyundrive-webdav vulnerable to Command Injection
High
CVE-2024-29640
was published
for
aliyundrive-webdav
(pip)
Mar 29, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
High
CVE-2024-27936
was published
for
deno
(Rust)
Mar 5, 2024
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
High
CVE-2024-27935
was published
for
deno
(Rust)
Mar 5, 2024
Mio's tokens for named pipes may be delivered after deregistration
High
CVE-2024-27308
was published
for
mio
(Rust)
Mar 4, 2024
ProTip!
Advisories are also available from the
GraphQL API