Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

846 advisories

Loading
Tonic has remotely exploitable denial of service vulnerability Moderate
CVE-2024-47609 was published for tonic (Rust) Oct 1, 2024
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Ouch! allows a segmentation fault due to use of uninitialized memory Moderate
GHSA-2wq5-g96f-mv3v was published for ouch (Rust) Sep 23, 2024
lexical-core has multiple soundness issues Low
GHSA-2326-pfpj-vx3h was published for lexical-core (Rust) Sep 16, 2024
Untrusted Query Object Evaluation in RPC API High
GHSA-64f8-pjgr-9wmr was published for surrealdb (Rust) Sep 11, 2024
RaphaelDarley
gix-path improperly resolves configuration path reported by Git Moderate
CVE-2024-45405 was published for gix-path (Rust) Sep 6, 2024
EliahKagan
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call` High
CVE-2024-7884 was published for ic_cdk (Rust) Sep 5, 2024
adamspofford-dfinity
Missing connection timeout in Aardvark-dns High
CVE-2024-8418 was published for aardvark-dns (Rust) Sep 4, 2024
olm-sys: wrapped library unmaintained, potentially vulnerable High
GHSA-p2q9-36vw-c468 was published for olm-sys (Rust) Sep 3, 2024
Denial of service in quinn-proto when using `Endpoint::retry()` High
CVE-2024-45311 was published for quinn-proto (Rust) Sep 3, 2024
finnbear BiagioFesta
gix-path uses local config across repos when it is the highest scope Low
CVE-2024-45305 was published for gix-path (Rust) Sep 3, 2024
EliahKagan martinvonz
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
CWA-2023-004: Excessive number of function parameters in compiled Wasm Moderate
GHSA-75qh-gg76-p2w4 was published for cosmwasm-vm (Go) Aug 27, 2024
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies High
CVE-2024-43783 was published for apollo-router (Rust) Aug 27, 2024
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries High
CVE-2024-43414 was published for @apollo/gateway (npm) Aug 27, 2024
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts High
GHSA-wq9x-qwcq-mmgf was published for diesel (Rust) Aug 23, 2024
gitoxide-core does not neutralize special characters for terminals Low
CVE-2024-43785 was published for gitoxide (Rust) Aug 22, 2024
EliahKagan
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts Moderate
GHSA-xmrp-424f-vfpx was published for sqlx (Rust) Aug 19, 2024
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra
Stack overflow when parsing specially crafted JSON ABI strings Moderate
GHSA-8327-84cj-8xjm was published for alloy-json-abi (Rust) Aug 15, 2024
Russh has an OOM Denial of Service due to allocation of untrusted amount High
CVE-2024-43410 was published for russh (Rust) Aug 14, 2024
Noratrieb Eugeny
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects High
CVE-2024-43367 was published for boa_engine (Rust) Aug 14, 2024
ctcpip arai-a
jedel1043 jasonwilliams nekevss
s2n-tls's mTLS API ordering may skip client authentication Moderate
GHSA-857q-xmph-p2v5 was published for s2n-tls (Rust) Aug 9, 2024
Gas mispricing in cosmwasm-vm Moderate
GHSA-rg2q-2jh9-447q was published for cosmwasm-vm (Go) Aug 8, 2024
unknownfeature
biscuit-auth vulnerable to public key confusion in third party block Low
CVE-2024-41949 was published for biscuit-auth (Rust) Jul 31, 2024
ProTip! Advisories are also available from the GraphQL API