WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,356
NuGet
765
pip
4,116
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

385 advisories

Loading
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
Credited to emilazy
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
Credited to emilazy and EliahKagan
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. Moderate
GHSA-9cc5-2pq7-hfj8 was published for xmas-elf (Rust) Mar 26, 2025
Web Push Denial of Service via malicious Web Push endpoint Moderate
GHSA-fc83-9jwq-gc2m was published for web-push (Rust) Mar 24, 2025
pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints Moderate
GHSA-vgmh-mqm4-8j88 was published for pared (Rust) Mar 24, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66 Moderate
CVE-2025-27612 was published for libcontainer (Rust) Mar 21, 2025
YJDoc2 utam0k
jprendes
Credited to YJDoc2, utam0k, and jprendes
gurk (aka gurk-rs) mishandles ANSI escape sequences Moderate
CVE-2025-30089 was published for gurk (Rust) Mar 17, 2025
Malayke
Credited to Malayke
ntpd NTS client denial of service via wrongly sized cookies Moderate
GHSA-v83q-83hj-rw38 was published for ntpd (Rust) Feb 28, 2025
rzaba0
Credited to rzaba0
qcp has possible crash/DOS in some build configurations Moderate
GHSA-fmwf-c46w-r8qm was published for qcp (Rust) Mar 8, 2025
Some AES functions may panic when overflow checking is enabled in ring Moderate
GHSA-4p46-pwfr-66x6 was published for ring (Rust) Mar 7, 2025
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2025-27498 was published for ascon_aead (Rust) Mar 3, 2025
thealtofwar
Credited to thealtofwar
rust-openssl ssl::select_next_proto use after free Moderate
CVE-2025-24898 was published for openssl (Rust) Feb 3, 2025
mmastrac
Credited to mmastrac
Server-Side Request Forgery (SSRF) in activitypub_federation Moderate
CVE-2025-25194 was published for activitypub_federation (Rust) Feb 10, 2025
nnfrog
Credited to nnfrog
Hickory DNS failure to verify self-signed RRSIG for DNSKEYs Moderate
GHSA-v7pc-74h8-xq2h was published for hickory-proto (Rust) Feb 10, 2025
Hickory DNS's DNSSEC validation may accept broken authentication chains Moderate
CVE-2025-25188 was published for hickory-proto (Rust) Feb 10, 2025
divergentdave
Credited to divergentdave
grcov has an out of bounds write triggered by crafted coverage data Moderate
GHSA-qm2p-4w45-v2vr was published for grcov (Rust) Feb 10, 2025
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending Moderate
CVE-2023-30610 was published for aws-sigv4 (Rust) Apr 26, 2023
fast-fault has a segmentation fault due to lack of bound check Moderate
GHSA-8655-xgh5-5vvq was published for fast-float (Rust) Jan 29, 2025
fast-float2 has a segmentation fault due to lack of bound check Moderate
GHSA-jqcp-xc3v-f446 was published for fast-float2 (Rust) Jan 29, 2025
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity Moderate
CVE-2024-52813 was published for matrix-sdk-crypto (Rust) Jan 7, 2025
gix-worktree-state nonexclusive checkout sets executable files world-writable Moderate
CVE-2025-22620 was published for gix-worktree-state (Rust) Jan 21, 2025
EliahKagan
Credited to EliahKagan
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database