Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

78 advisories

.NET Elevation of Privilege Vulnerability High
CVE-2024-21409 was published for Microsoft.WindowsDesktop.App.Runtime.win-arm64 (NuGet) Apr 17, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
Use-after-free in libxml2 via Nokogiri::XML::Reader Moderate
GHSA-vcc3-rw6f-jv97 was published for nokogiri (RubyGems) Mar 18, 2024
Use After Free in SixLabors.ImageSharp High
CVE-2024-27929 was published for SixLabors.ImageSharp (NuGet) Mar 5, 2024
antonfirsov Luzenna
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
rofoun radekvit
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
Use after free in libpulse-binding Moderate
GHSA-f56g-chqp-22m9 was published for libpulse-binding (Rust) Feb 3, 2024
Use-after-free when setting the locale Moderate
GHSA-c8v3-jhv9-4ppc was published for rust-i18n-support (Rust) Jan 23, 2024
use-after-free in tracing Moderate
GHSA-8f24-6m29-wm2r was published for tracing (Rust) Jan 17, 2024
Use after free in PaddlePaddle High
CVE-2023-38669 was published for paddlepaddle (pip) Jul 26, 2023
Withdrawn: Use after free in SciPy Critical
CVE-2023-29824 was published for scipy (pip) Jul 6, 2023 withdrawn
vin01
.NET Remote Code Execution Vulnerability High
CVE-2023-33128 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) Jun 14, 2023
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer High
CVE-2023-30549 was published for github.com/apptainer/apptainer (Go) Apr 25, 2023
DrDaveD
.NET Remote Code Execution Vulnerability High
CVE-2023-21808 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) Feb 14, 2023
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` High
CVE-2023-0215 was published for openssl-src (Rust) Feb 8, 2023
another-rex
Garbage collection issue in BC-FJA in Java 13 and later Moderate
CVE-2022-45146 was published for org.bouncycastle:bc-fips (Maven) Nov 21, 2022
iana-time-zone vulnerable to use after free in MacOS / iOS implementation Moderate
GHSA-3fg9-hcq5-vxrc was published for iana-time-zone (Rust) Aug 30, 2022
Wasmtime vulnerable to Use After Free with `externref`s Moderate
CVE-2022-31146 was published for cranelift-codegen (Rust) Jul 20, 2022
alexcrichton fitzgen
jameysharp
Nokogiri has vulnerable dependencies on libxml2 and libxslt High
CVE-2021-30560 was published for nokogiri (RubyGems) May 24, 2022
Use After Free in Hermes Critical
CVE-2021-24037 was published for hermes-engine (npm) May 24, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free High
CVE-2021-3518 was published for nokogiri (RubyGems) May 24, 2022
Fix a use-after-free bug in diesels Sqlite backend Critical
CVE-2021-28305 was published for diesel (Rust) May 24, 2022
futures_task::waker may cause a use-after-free if used on a type that isn't 'static High
CVE-2020-35906 was published for futures-task (Rust) May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
espen mattyr
flavorjones staticintlucas thomasthaddeus BaerMitUmlaut dlackty
ProTip! Advisories are also available from the GraphQL API