
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

414 advisories

Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
Credited to mgerstner
qdrant has arbitrary file write via `/logger` endpoint High
CVE-2026-25628 was published for qdrant (Rust) Feb 5, 2026
Credited to Ezzer17
openmls has improper tag validation High
GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) Feb 4, 2026
Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate) High
GHSA-6692-8qqf-79jc was published for tectonic_xdv (Rust) Jun 17, 2022 withdrawn
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers High
CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
Credited to max-r-b and enitmar
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
Credited to cure53
Clatter has a PSK Validity Rule Violation issue High
CVE-2026-24785 was published for clatter (Rust) Jan 28, 2026
Credited to twisteroidambassador
soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives High
CVE-2026-24783 was published for soroban-fixed-point-math (Rust) Jan 28, 2026
Credited to SharokhAtaie and B14CK-SPID3R
oneshot has potential Use After Free when used asynchronously High
GHSA-rvr2-r3pv-5m4p was published for oneshot (Rust) Jan 27, 2026
Duplicate Advisory: Data races in ticketed_lock High
GHSA-gq4h-f254-7cw9 was published for ticketed_lock (Rust) Aug 25, 2021 withdrawn
Duplicate Advisory: Data races on syncpool High
GHSA-r88h-6987-g79f was published for syncpool (Rust) Aug 25, 2021 withdrawn
Panic mishandled in libpulse-binding High
CVE-2019-25055 was published for libpulse-binding (Rust) Jan 6, 2022
Credited to NicsTr
Use After Free in lucet High
CVE-2021-43790 was published for lucet-runtime (Rust) Nov 30, 2021
Credited to iximeow, acfoltzer, cratelyn, aturon, alexcrichton, and aggarwaa
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE High
CVE-2026-22700 was published for sm2 (Rust) Jan 13, 2026
Credited to XlabAITeam, tl2cents, keenanwgn, and A7um
SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt() High
CVE-2026-22699 was published for sm2 (Rust) Jan 9, 2026
Credited to XlabAITeam, tl2cents, keenanwgn, and A7um
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
Credited to XlabAITeam, keenanwgn, tl2cents, and A7um
Salvo is vulnerable to reflected XSS in the list_html function High
CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
Credited to AhmedMokhtari, mwlik, and imenyoo2
Credited to AhmedMokhtari, imenyoo2, and mwlik
RustFS Path Traversal Vulnerability High
CVE-2025-68705 was published for rustfs (Rust) Jan 7, 2026
theshit vulnerable to unsafe loading of user-owned Python rules when running as root High
CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
Credited to AsfhtgkDavid
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
Credited to invd, hko-s, dignifiedquire, and link2xt
Credited to evanbattaglia