GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Uncontrolled memory consumption in protobuf
High
CVE-2019-15544
was published
for
protobuf
(Rust)
Aug 25, 2021
Allocation of Resources Without Limits or Throttling in ckb
High
CVE-2021-45699
was published
for
ckb
(Rust)
Jan 6, 2022
Unsafe parsing in SWHKD
Moderate
CVE-2022-27819
was published
for
Simple-Wayland-HotKey-Daemon
(Rust)
Apr 8, 2022
Rust-WebSocket memory allocation based on untrusted length
High
CVE-2022-35922
was published
for
websocket
(Rust)
Aug 6, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
CVE-2022-36124
was published
for
apache-avro
(Rust)
Aug 10, 2022
Uncontrolled Resource Consumption in opcua
High
CVE-2022-25888
was published
for
opcua
(Rust)
Aug 24, 2022
Duplicate of GHSA-m77f-652q-wwp4
High
GHSA-2gg5-7c4v-6xx2
was published
for
axum-core
(Rust)
Sep 15, 2022
•
withdrawn
axum-core has no default limit put on request bodies
High
CVE-2022-3212
was published
for
axum-core
(Rust)
Sep 15, 2022
libp2p DoS vulnerability from lack of resource management
High
CVE-2022-23486
was published
for
libp2p
(Rust)
Dec 7, 2022
Memory over-allocation in evm crate
Moderate
CVE-2021-29511
was published
for
evm
(Rust)
Jan 30, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Moderate
GHSA-q6cp-qfwq-4gcv
was published
for
h2
(Rust)
Apr 5, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server
High
CVE-2024-38528
was published
for
ntpd
(Rust)
Jun 28, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount
High
CVE-2024-43410
was published
for
russh
(Rust)
Aug 14, 2024
Miniscript allows stack consumption
Moderate
CVE-2024-44073
was published
for
miniscript
(Rust)
Aug 19, 2024
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
High
CVE-2024-43783
was published
for
apollo-router
(Rust)
Aug 27, 2024
async-graphql Directive Overload
High
CVE-2024-47614
was published
for
async-graphql
(Rust)
Oct 3, 2024
zlib-rs stack overflow during decompression with malicious input
Moderate
GHSA-j3px-q95c-9683
was published
for
libz-rs-sys
(Rust)
Nov 14, 2024
rPGP Potential Resource Exhaustion when handling Untrusted Messages
High
CVE-2024-53857
was published
for
pgp
(Rust)
Dec 5, 2024
ProTip!
Advisories are also available from the
GraphQL API