GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
764 advisories
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Critical
CVE-2024-32971
was published
for
apollo-router
(Rust)
May 2, 2024
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
High
CVE-2024-32984
was published
for
yamux
(Rust)
May 1, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
Infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
High
CVE-2024-32650
was published
for
rustls
(Rust)
Apr 19, 2024
gix-transport indirect code execution via malicious username
Moderate
CVE-2024-32884
was published
for
gitoxide
(Rust)
Apr 15, 2024
cassandra-rs's non-idiomatic use of iterators leads to use after free
High
CVE-2024-27284
was published
for
cassandra-cpp
(Rust)
Apr 5, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Low
CVE-2024-30266
was published
for
wasmtime
(Rust)
Apr 2, 2024
tls-listener affected by the slow loris vulnerability with default configuration
High
CVE-2024-28854
was published
for
tls-listener
(Rust)
Mar 15, 2024
quiche vulnerable to unbounded storage of information related to connection ID retirement
Low
CVE-2024-1410
was published
for
quiche
(Rust)
Mar 13, 2024
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Moderate
CVE-2024-28101
was published
for
apollo-router
(Rust)
Mar 6, 2024
*const c_void / ExternalPointer unsoundness leading to use-after-free
Moderate
CVE-2024-27934
was published
for
Deno
(Rust)
Mar 6, 2024
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Moderate
CVE-2024-27932
was published
for
deno
(Rust)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API