
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

404 advisories

[actix-files] Panic triggered by empty Range header in GET request for static file Moderate
GHSA-gcqf-3g44-vc9p was published for actix-files (Rust) Feb 6, 2026
Credited to Diomendius and JohnTitor
actix-files has a possible exposure of information vulnerability Moderate
GHSA-8v2v-wjwg-vx6r was published for actix-files (Rust) Feb 6, 2026
Credited to Angelmmiguel and JohnTitor
time vulnerable to stack exhaustion Denial of Service attack Moderate
CVE-2026-25727 was published for time (Rust) Feb 5, 2026
Credited to kroemeke and jhpratt
bytes has integer overflow in BytesMut::reserve Moderate
CVE-2026-25541 was published for bytes (Rust) Feb 3, 2026
Credited to ksj1230, Darksonn, and seanmonstar
jsonwebtoken has Type Confusion that leads to potential authorization bypass Moderate
CVE-2026-25537 was published for jsonwebtoken (Rust) Feb 3, 2026
Credited to Kr1shna4garwal
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
Credited to cchheang
ml-dsa's UseHint function has off by two error when r0 equals zero Moderate
GHSA-h37v-hp6w-2pp8 was published for ml-dsa (Rust) Feb 2, 2026
Credited to XoifaiI
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64 Moderate
CVE-2026-24889 was published for soroban-sdk (Rust) Jan 28, 2026
Credited to leighmcculloch, jayz22, dmkozh, and kanwalpreetd
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices Moderate
CVE-2026-24850 was published for ml-dsa (Rust) Jan 28, 2026
Credited to orenyomtov
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64 Moderate
CVE-2026-24116 was published for wasmtime (Rust) Jan 27, 2026
Credited to louismerlin
Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str` Moderate
GHSA-8rgq-m2pm-jvmg was published for gix-date (Rust) Jan 26, 2026 withdrawn
miniserve affected by a TOCTOU and symlink race vulnerability Moderate
CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026
RustCrypto: Signatures has timing side-channel in ML-DSA decomposition Moderate
CVE-2026-22705 was published for ml-dsa (Rust) Jan 13, 2026
Credited to tob-scott-a
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting Moderate
CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
Credited to Threonine
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation Moderate
CVE-2026-22042 was published for rustfs (Rust) Jan 8, 2026
Credited to Threonine
RustFS gRPC GetMetrics deserialization panic enables remote DoS Moderate
CVE-2025-69255 was published for rustfs (Rust) Jan 7, 2026
Credited to max-r-b and enitmar
gix-date can create non-utf8 string with `TimeBuf::as_str` Moderate
CVE-2026-0810 was published for gix-date (Rust) Jan 5, 2026
ruint affected by unsoundness of safe `reciprocal_mg10` Moderate
GHSA-9fjq-45qv-pcm7 was published for ruint (Rust) Dec 26, 2025
Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short Moderate
CVE-2025-67897 was published for sequoia-openpgp (Rust) Dec 14, 2025
sd changes the group ownership of the source file Moderate
CVE-2025-65807 was published for sd (Rust) Dec 10, 2025
Static Web Server vulnerable to a symbolic link path traversal Moderate
CVE-2025-67487 was published for static-web-server (Rust) Dec 8, 2025
Credited to joseluisq
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator Moderate
GHSA-xrv8-2pf5-f3q7 was published for nitro-tpm-pcr-compute (Rust) Dec 5, 2025
Credited to agraf and mariusknaust
sudo-rs doesn't record authenticating user properly in timestamp Moderate
CVE-2025-64517 was published for sudo-rs (Rust) Nov 13, 2025
Credited to Pingasmaster, bjorn3, and squell
ncurses exposes uninitialized memory in string reading functions Moderate
GHSA-x77x-7mmh-cxv3 was published for ncurses (Rust) Oct 22, 2025
OpenMLS improper persistence of the secret tree during message processing Moderate
GHSA-qr9h-x63w-vqfm was published for openmls (Rust) Sep 26, 2025
Credited to erdoganege and fatihergin