Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

959 advisories

Loading
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use Moderate
GHSA-wr2m-38xh-rpc9 was published for lemmy_server (Rust) Apr 8, 2025
Nothing4You
Tokio broadcast channel calls clone in parallel, but does not require `Sync` Low
GHSA-rr8g-9fpq-6wmg was published for tokio (Rust) Apr 7, 2025
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` Critical
CVE-2025-31477 was published for @tauri-apps/plugin-shell (npm) Apr 2, 2025
Rigidity tweidinger
chippers lucasfernog
tough root metadata version is not checked for sequential versioning Moderate
CVE-2025-2885 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough terminating targets role delegations are not respected Moderate
CVE-2025-2886 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough cyclic delegation graphs are not detected Low
GHSA-j8x2-777p-23fc was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough timestamp metadata is cached when it fails snapshot rollback check Moderate
CVE-2025-2888 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough failure to detect delegated target rollback Moderate
CVE-2025-2887 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
PyO3 Risk of buffer overflow in `PyString::from_object` Low
GHSA-pph8-gcv7-4qj5 was published for pyo3 (Rust) Apr 2, 2025
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. Moderate
GHSA-9cc5-2pq7-hfj8 was published for xmas-elf (Rust) Mar 26, 2025
Web Push Denial of Service via malicious Web Push endpoint Moderate
GHSA-fc83-9jwq-gc2m was published for web-push (Rust) Mar 24, 2025
pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints Moderate
GHSA-vgmh-mqm4-8j88 was published for pared (Rust) Mar 24, 2025
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66 Moderate
CVE-2025-27612 was published for libcontainer (Rust) Mar 21, 2025
YJDoc2 utam0k
jprendes
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database