Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

414 advisories

Loading
qdrant has arbitrary file write via `/logger` endpoint High
CVE-2026-25628 was published for qdrant (Rust) Feb 5, 2026
Ezzer17
Credited to Ezzer17
openmls has improper tag validation High
GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) Feb 4, 2026
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers High
CVE-2026-21862 was published for rustfs (Rust) Feb 3, 2026
max-r-b enitmar
Credited to max-r-b and enitmar
Clatter has a PSK Validity Rule Violation issue High
CVE-2026-24785 was published for clatter (Rust) Jan 28, 2026
twisteroidambassador
Credited to twisteroidambassador
soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives High
CVE-2026-24783 was published for soroban-fixed-point-math (Rust) Jan 28, 2026
oneshot has potential Use After Free when used asynchronously High
GHSA-rvr2-r3pv-5m4p was published for oneshot (Rust) Jan 27, 2026
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
cure53
Credited to cure53
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass High
CVE-2026-22864 was published for deno (Rust) Jan 16, 2026
SharokhAtaie B14CK-SPID3R
Credited to SharokhAtaie and B14CK-SPID3R
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz` High
CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026
NicsTr
Credited to NicsTr
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE High
CVE-2026-22700 was published for sm2 (Rust) Jan 13, 2026
XlabAITeam tl2cents
keenanwgn A7um
Credited to XlabAITeam, tl2cents, keenanwgn, and A7um
SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt() High
CVE-2026-22699 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam tl2cents
keenanwgn A7um
Credited to XlabAITeam, tl2cents, keenanwgn, and A7um
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam keenanwgn
tl2cents A7um
Credited to XlabAITeam, keenanwgn, tl2cents, and A7um
Salvo is vulnerable to reflected XSS in the list_html function High
CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari mwlik
imenyoo2
Credited to AhmedMokhtari, mwlik, and imenyoo2
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names High
CVE-2026-22257 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari imenyoo2
mwlik
Credited to AhmedMokhtari, imenyoo2, and mwlik
RustFS Path Traversal Vulnerability High
CVE-2025-68705 was published for rustfs (Rust) Jan 7, 2026
theshit vulnerable to unsafe loading of user-owned Python rules when running as root High
CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
AsfhtgkDavid
Credited to AsfhtgkDavid
Critical Use-After-Free in Wasmi's Linear Memory High
CVE-2025-66627 was published for wasmi (Rust) Dec 8, 2025
libcrux incorrectly calculates on aarch64 High
GHSA-2cgv-28vr-rv6j was published for libcrux-intrinsics (Rust) Dec 4, 2025
cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures High
CVE-2025-66017 was published for cggmp21 (Rust) Nov 25, 2025
thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS High
CVE-2025-65947 was published for thread-amount (Rust) Nov 21, 2025
jzeuzs
Credited to jzeuzs
Apollo Router Affected by an Access Control Bypass on Polymorphic Types High
CVE-2025-64173 was published for apollo-router (Rust) Nov 6, 2025
dariuszkuc
Credited to dariuszkuc
Apollo Router Improperly Enforces Renamed Access Control Directives High
CVE-2025-64347 was published for apollo-router (Rust) Nov 6, 2025
sachindshinde
Credited to sachindshinde
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-62596 was published for youki (Rust) Nov 5, 2025
saku3 cyphar
Credited to saku3 and cyphar
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref High
GHSA-wwxp-hxh6-8gf8 was published for binary_vec_io (Rust) Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database