Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,623
Maven
5,000+
npm
5,000+
NuGet
927
pip
4,843
Pub
13
RubyGems
1,045
Rust
1,271
Swift
53
Unreviewed advisories
All unreviewed
5,000+

150 advisories

Loading
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
CVE-2026-35353 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Unchecked Return Value Issue Low
CVE-2026-35344 was published for coreutils (Rust) Apr 22, 2026
coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
CVE-2026-35346 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation Low
CVE-2026-35343 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable Low
CVE-2026-35342 was published for coreutils (Rust) Apr 22, 2026
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length Low
CVE-2026-41677 was published for openssl (Rust) Apr 22, 2026
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
Wasmtime has host data leakage with 64-bit tables and Winch Low
CVE-2026-34945 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Rand is unsound with a custom logger using rand::rng() Low
GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026
simonhollingshead Credited to simonhollingshead, ShoyuVanilla, and nbagnard ShoyuVanilla ShoyuVanilla
nbagnard nbagnard
Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths Low
GHSA-3g92-f9ch-qjcm was published for p3-symmetric (Rust) Apr 16, 2026
webpki: Name constraints were accepted for certificates asserting a wildcard name Low
GHSA-xgp8-3hg3-c2mh was published for rustls-webpki (Rust) Apr 16, 2026
1seal Credited to 1seal
webpki: Name constraints for URI names were incorrectly accepted Low
GHSA-965h-392x-2mh5 was published for rustls-webpki (Rust) Apr 16, 2026
1seal Credited to 1seal
Wasmtime has data leakage between pooling allocator instances Low
CVE-2026-34988 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Wasmtime has use-after-free bug after cloning `wasmtime::Linker` Low
CVE-2026-34983 was published for wasmtime (Rust) Apr 9, 2026
flavio Credited to flavio
Soroban: Muxed address<->ScVal conversions may break after a conversion failure Low
GHSA-pm4j-7r4q-ccg8 was published for soroban-env-host (Rust) Mar 7, 2026
aws-kms-tls-auth vulnerable to memory overallocation Low
GHSA-5whh-4q9j-7v28 was published for aws-kms-tls-auth (Rust) Mar 3, 2026
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` Low
GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) Feb 12, 2026
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
Unsoundness in opt-in ARMv8 assembly backend for `keccak` Low
GHSA-3288-p39f-rqpv was published for keccak (Rust) Feb 19, 2026
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Low
CVE-2024-58262 was published for curve25519-dalek (Rust) Jun 18, 2024
sunnypatell Credited to sunnypatell
mnl has segmentation fault and invalid memory read in `mnl::cb_run` Low
GHSA-585q-cm62-757j was published for mnl (Rust) Jan 9, 2026
git2 has potential undefined behavior when dereferencing Buf struct Low
GHSA-j39j-6gw9-jw6h was published for git2 (Rust) Feb 4, 2026
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness Low
GHSA-rjr4-v43m-pxq6 was published for triton-vm (Rust) Jan 21, 2026
knqyf263 Credited to knqyf263
RustFS's RPC signature verification logs shared secret Low
CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026
rand-tech Credited to rand-tech
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database