Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,431 advisories

Loading
Data races in futures-intrusive Moderate
CVE-2020-35915 was published for futures-intrusive (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35911 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35914 was published for lock_api (Rust) Aug 25, 2021
Data races in lock_api Moderate
CVE-2020-35910 was published for lock_api (Rust) Aug 25, 2021
Data races in atom Moderate
CVE-2020-35897 was published for atom (Rust) Aug 25, 2021
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr Moderate
CVE-2020-35886 was published for arr (Rust) Aug 25, 2021
Data races in rulinalg Critical
CVE-2020-35879 was published for rulinalg (Rust) Aug 25, 2021
Data races in rocket High
CVE-2020-35882 was published for rocket (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35866 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35867 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite Critical
CVE-2020-35868 was published for rusqlite (Rust) Aug 25, 2021
Data races in rusqlite High
CVE-2020-35871 was published for rusqlite (Rust) Aug 25, 2021
Use after free in internment High
CVE-2020-35874 was published for internment (Rust) Aug 25, 2021
Multiple memory safety issues in actix-web Moderate
GHSA-w65j-g6c7-g3m4 was published for actix-web (Rust) Aug 25, 2021
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
klaudialax
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
opencontainers runc contains procfs race condition with a shared volume mount Moderate
CVE-2019-19921 was published for github.com/opencontainers/runc (Go) May 27, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Low
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible Moderate
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
ECDSA signature vulnerability of Minerva timing attack in jsrsasign Moderate
GHSA-g753-jx37-7xwh was published for jsrsasign (npm) Jun 30, 2020
Information disclosure in JBoss Weld Moderate
CVE-2014-8122 was published for org.jboss.weld:weld-core-bom (Maven) Jun 10, 2020
Potential Observable Timing Discrepancy in Wagtail Moderate
CVE-2020-11037 was published for wagtail (pip) May 7, 2020
thibaudcolas
cookie-signature Timing Attack Moderate
CVE-2016-1000236 was published for cookie-signature (npm) Jan 6, 2020
In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate
CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database