Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Loading
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Low
CVE-2021-32715 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
tdunlap607
Credited to mattiasgrenfeldt, asta12, and tdunlap607
Integer Overflow in Chunked Transfer-Encoding Moderate
CVE-2021-32714 was published for hyper (Rust) Jul 12, 2021
mattiasgrenfeldt asta12
Credited to mattiasgrenfeldt and asta12
SMTP command injection in lettre Critical
CVE-2021-38189 was published for lettre (Rust) Jul 12, 2021
paolobarbolini
Credited to paolobarbolini
OS command injection in ripgrep Critical
CVE-2021-3013 was published for grep-cli (Rust) Aug 5, 2021
VecStorage Deserialize Allows Violation of Length Invariant Moderate
GHSA-h3mf-4fwp-59c7 was published for nalgebra (Rust) Aug 5, 2021 withdrawn
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Double free in smallvec Critical
CVE-2018-20991 was published for smallvec (Rust) Aug 25, 2021
Memory corruption slice-deque Critical
CVE-2018-20995 was published for slice-deque (Rust) Aug 25, 2021
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Improper Input Validation in cookie High
CVE-2017-18589 was published for cookie (Rust) Aug 25, 2021
Headers containing newline characters can split messages in hyper Moderate
CVE-2017-18587 was published for hyper (Rust) Aug 25, 2021
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
Source code is downloaded over cleartext HTTP in portaudio Moderate
CVE-2016-10933 was published for portaudio (Rust) Aug 25, 2021
Improper Certificate Validation in openssl High
CVE-2016-10931 was published for openssl (Rust) Aug 25, 2021
Uncontrolled recursion in rust-yaml High
CVE-2018-20993 was published for yaml-rust (Rust) Aug 25, 2021
Uncontrolled recursion in trust-dns-proto High
CVE-2018-20994 was published for trust-dns-proto (Rust) Aug 25, 2021
Flaw in streaming state in orion High
CVE-2018-20999 was published for orion (Rust) Aug 25, 2021
Double free in crossbeam Critical
CVE-2018-20996 was published for crossbeam (Rust) Aug 25, 2021
Heap overflow or corruption in safe-transmute Critical
CVE-2018-21000 was published for safe-transmute (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
Potential memory corruption in arrayfire Critical
CVE-2018-20998 was published for arrayfire (pip) Aug 25, 2021
westonsteimel
Credited to westonsteimel
Use after free in openssl Critical
CVE-2018-20997 was published for openssl (Rust) Aug 25, 2021
Integer underflow in untrusted High
CVE-2018-20989 was published for untrusted (Rust) Aug 25, 2021
Uninitialized memory exposure in claxon Moderate
CVE-2018-20992 was published for claxon (Rust) Aug 25, 2021
Arbitrary file overwrite in tar-rs High
CVE-2018-20990 was published for tar (Rust) Aug 25, 2021
tdunlap607
Credited to tdunlap607
Out of bounds read in simd-json High
CVE-2019-15550 was published for simd-json (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database