Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
s2n-tls's mTLS API ordering may skip client authentication Moderate
GHSA-857q-xmph-p2v5 was published for s2n-tls (Rust) Aug 9, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check Moderate
CVE-2024-40648 was published for matrix-sdk-crypto (Rust) Jul 18, 2024
dkasak poljar
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User Moderate
GHSA-gh9f-6xm2-c4j2 was published for surrealdb (Rust) Jul 11, 2024
ericwhitefield
matrix-sdk-crypto contains potential impersonation via room key forward responses Moderate
CVE-2022-39252 was published for matrix-sdk-crypto (Rust) Sep 30, 2022
michaelkedar
ProTip! Advisories are also available from the GraphQL API