Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses Low
CVE-2023-41051 was published for vm-memory (Rust) Sep 4, 2023
Manishearth
Credited to Manishearth
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports Low
CVE-2023-40030 was published for cargo (Rust) Aug 24, 2023
pietroalbini cuviper
remkop22 ehuss weihanglo Manishearth iusx
Credited to pietroalbini, cuviper, remkop22, ehuss, weihanglo, Manishearth, and iusx
Cargo not respecting umask when extracting crate archives High
CVE-2023-38497 was published for cargo (Rust) Aug 3, 2023
addisoncrump pietroalbini
weihanglo ehuss cuviper Manishearth
Credited to addisoncrump, pietroalbini, weihanglo, ehuss, cuviper, and Manishearth
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database