Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19 advisories

Loading
axum-core has no default limit put on request bodies High
CVE-2022-3212 was published for axum-core (Rust) Sep 15, 2022
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Uncontrolled Resource Consumption in opcua High
CVE-2022-25888 was published for opcua (Rust) Aug 24, 2022
Duplicate of GHSA-m77f-652q-wwp4 High
GHSA-2gg5-7c4v-6xx2 was published for axum-core (Rust) Sep 15, 2022 withdrawn
Insufficient size checks in ws High
CVE-2020-35896 was published for ws (Rust) Aug 25, 2021
Denial of service in bingrep Moderate
CVE-2021-39480 was published for bingrep (Rust) Jan 28, 2022
h2 vulnerable to denial of service Moderate
CVE-2023-26964 was published for h2 (Rust) Apr 11, 2023
FirelightFlagboy seanmonstar
KisaragiEffective JohnTitor
Allocation of Resources Without Limits or Throttling in ckb High
CVE-2021-45699 was published for ckb (Rust) Jan 6, 2022
Uncontrolled memory consumption in protobuf High
CVE-2019-15544 was published for protobuf (Rust) Aug 25, 2021
libp2p DoS vulnerability from lack of resource management High
CVE-2022-23486 was published for libp2p (Rust) Dec 7, 2022
Rust-WebSocket memory allocation based on untrusted length High
CVE-2022-35922 was published for websocket (Rust) Aug 6, 2022
evanrichter
Unsafe parsing in SWHKD Moderate
CVE-2022-27819 was published for Simple-Wayland-HotKey-Daemon (Rust) Apr 8, 2022
J3rry-1729
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
h2 servers vulnerable to degradation of service with CONTINUATION Flood Moderate
GHSA-q6cp-qfwq-4gcv was published for h2 (Rust) Apr 5, 2024
Unlimited number of NTS-KE connections can crash ntpd-rs server High
CVE-2024-38528 was published for ntpd (Rust) Jun 28, 2024
mlichvar
Russh has an OOM Denial of Service due to allocation of untrusted amount High
CVE-2024-43410 was published for russh (Rust) Aug 14, 2024
Noratrieb Eugeny
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies High
CVE-2024-43783 was published for apollo-router (Rust) Aug 27, 2024
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
MindPatch
ProTip! Advisories are also available from the GraphQL API