Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,951
Maven
5,000+
npm
4,597
NuGet
787
pip
4,304
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
jsonwebtoken has Type Confusion that leads to potential authorization bypass Moderate
CVE-2026-25537 was published for jsonwebtoken (Rust) Feb 3, 2026
Kr1shna4garwal
Credited to Kr1shna4garwal
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb joshbressers
Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers
SCSIR has a Potential Unsound Issue in WriteSameCommand Low
CVE-2025-48756 was published for scsir (Rust) May 24, 2025
obfstr Type Confusion vulnerability Low
CVE-2024-58253 was published for obfstr (Rust) May 2, 2025
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device` Moderate
GHSA-3qx8-rv27-j6gp was published for kvm-ioctls (Rust) Dec 23, 2024
eyre: Parts of Report are dropped as the wrong type during downcast High
GHSA-4v52-7q2x-v4xj was published for eyre (Rust) Apr 5, 2024
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
Credited to ShinWonho
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
ehe9991
Credited to ehe9991
Type confusion if __private_get_type_id__ is overriden Critical
CVE-2020-25575 was published for failure (Rust) Jun 16, 2022
michaelkedar
Credited to michaelkedar
Wrong type for `Linker`-define functions when used across two `Engine`s Moderate
CVE-2021-39219 was published for wasmtime (pip) Sep 20, 2021
alexcrichton
Credited to alexcrichton
Data races in model High
CVE-2020-36460 was published for model (Rust) Aug 25, 2021
Rust Failure Crate Vulnerable to Type confusion Critical
CVE-2019-25010 was published for failure (Rust) Aug 25, 2021
Out of bounds access in rgb Critical
CVE-2020-25016 was published for rgb (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database