
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

408 advisories

rPGP's integrity protection of encrypted data was not always checked Moderate
GHSA-c7ph-f7jm-xv4w was published for pgp (Rust) Feb 13, 2026
Bug fixes in hpke-rs, hpke-rs-rust-crypto Moderate
GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) Feb 13, 2026
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` Moderate
GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) Feb 12, 2026
Credited to nadimkobeissi
SurrealDB vulnerable to Denial of Service through scripting function memory edge case Moderate
GHSA-xx7m-69ff-9crp was published for surrealdb (Rust) Feb 12, 2026
Credited to LucyEgan
[actix-files] Panic triggered by empty Range header in GET request for static file Moderate
GHSA-gcqf-3g44-vc9p was published for actix-files (Rust) Feb 6, 2026
Credited to Diomendius and JohnTitor
actix-files has a possible exposure of information vulnerability Moderate
GHSA-8v2v-wjwg-vx6r was published for actix-files (Rust) Feb 6, 2026
Credited to Angelmmiguel and JohnTitor
time vulnerable to stack exhaustion Denial of Service attack Moderate
CVE-2026-25727 was published for time (Rust) Feb 5, 2026
Credited to kroemeke and jhpratt
bytes has integer overflow in BytesMut::reserve Moderate
CVE-2026-25541 was published for bytes (Rust) Feb 3, 2026
Credited to ksj1230, Darksonn, and seanmonstar
jsonwebtoken has Type Confusion that leads to potential authorization bypass Moderate
CVE-2026-25537 was published for jsonwebtoken (Rust) Feb 3, 2026
Credited to Kr1shna4garwal
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
Credited to cchheang
ml-dsa's UseHint function has off by two error when r0 equals zero Moderate
GHSA-h37v-hp6w-2pp8 was published for ml-dsa (Rust) Feb 2, 2026
Credited to XoifaiI
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64 Moderate
CVE-2026-24889 was published for soroban-sdk (Rust) Jan 28, 2026
Credited to leighmcculloch, jayz22, dmkozh, and kanwalpreetd
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices Moderate
CVE-2026-24850 was published for ml-dsa (Rust) Jan 28, 2026
Credited to orenyomtov
Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64 Moderate
CVE-2026-24116 was published for wasmtime (Rust) Jan 27, 2026
Credited to louismerlin
Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str` Moderate
GHSA-8rgq-m2pm-jvmg was published for gix-date (Rust) Jan 26, 2026 withdrawn
miniserve affected by a TOCTOU and symlink race vulnerability Moderate
CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026
RustCrypto: Signatures has timing side-channel in ML-DSA decomposition Moderate
CVE-2026-22705 was published for ml-dsa (Rust) Jan 13, 2026
Credited to tob-scott-a
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting Moderate
CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
Credited to Threonine
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation Moderate
CVE-2026-22042 was published for rustfs (Rust) Jan 8, 2026
Credited to Threonine
RustFS gRPC GetMetrics deserialization panic enables remote DoS Moderate
CVE-2025-69255 was published for rustfs (Rust) Jan 7, 2026
Credited to max-r-b and enitmar
gix-date can create non-utf8 string with `TimeBuf::as_str` Moderate
CVE-2026-0810 was published for gix-date (Rust) Jan 5, 2026
ruint affected by unsoundness of safe `reciprocal_mg10` Moderate
GHSA-9fjq-45qv-pcm7 was published for ruint (Rust) Dec 26, 2025
Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short Moderate
CVE-2025-67897 was published for sequoia-openpgp (Rust) Dec 14, 2025
sd changes the group ownership of the source file Moderate
CVE-2025-65807 was published for sd (Rust) Dec 10, 2025
Static Web Server vulnerable to a symbolic link path traversal Moderate
CVE-2025-67487 was published for static-web-server (Rust) Dec 8, 2025
Credited to joseluisq