Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
48
GitHub Actions
48
Go
3,391
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,614
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

455 advisories

Loading
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam Credited to XlabAITeam, keenanwgn, tl2cents, and A7um keenanwgn keenanwgn
tl2cents tl2cents A7um A7um
Salvo is vulnerable to reflected XSS in the list_html function High
CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari Credited to AhmedMokhtari, mwlik, and imenyoo2 mwlik mwlik
imenyoo2 imenyoo2
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names High
CVE-2026-22257 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari Credited to AhmedMokhtari, imenyoo2, and mwlik imenyoo2 imenyoo2
mwlik mwlik
RustFS Path Traversal Vulnerability High
CVE-2025-68705 was published for rustfs (Rust) Jan 7, 2026
theshit vulnerable to unsafe loading of user-owned Python rules when running as root High
CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
AsfhtgkDavid Credited to AsfhtgkDavid
Critical Use-After-Free in Wasmi's Linear Memory High
CVE-2025-66627 was published for wasmi (Rust) Dec 8, 2025
libcrux incorrectly calculates on aarch64 High
GHSA-2cgv-28vr-rv6j was published for libcrux-intrinsics (Rust) Dec 4, 2025
Fidget-Grep Credited to Fidget-Grep
cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures High
CVE-2025-66017 was published for cggmp21 (Rust) Nov 25, 2025
thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS High
CVE-2025-65947 was published for thread-amount (Rust) Nov 21, 2025
jzeuzs Credited to jzeuzs
Apollo Router Affected by an Access Control Bypass on Polymorphic Types High
CVE-2025-64173 was published for apollo-router (Rust) Nov 6, 2025
dariuszkuc Credited to dariuszkuc
Apollo Router Improperly Enforces Renamed Access Control Directives High
CVE-2025-64347 was published for apollo-router (Rust) Nov 6, 2025
sachindshinde Credited to sachindshinde
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects High
CVE-2025-62596 was published for youki (Rust) Nov 5, 2025
saku3 Credited to saku3 and cyphar cyphar cyphar
youki container escape via "masked path" abuse due to mount race conditions High
CVE-2025-62161 was published for youki (Rust) Nov 5, 2025
binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref High
GHSA-wwxp-hxh6-8gf8 was published for binary_vec_io (Rust) Oct 22, 2025
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers tycho tycho
azenla azenla anners anners mnm678 mnm678 zanieb zanieb joshbressers joshbressers
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov Credited to emostov and cr-tk cr-tk cr-tk
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn Credited to howardjohn and alexsnaps alexsnaps alexsnaps
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th Credited to R4356th
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Pingora update for MadeYouReset HTTP/2 vulnerability High
GHSA-393w-9x6h-8gc7 was published for pingora-core (Rust) Sep 17, 2025
galbarnahum Credited to galbarnahum
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor High
GHSA-pfp7-vxgr-83pw was published for toodee (Rust) Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database