Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,867
Maven
5,000+
npm
4,488
NuGet
780
pip
4,244
Pub
12
RubyGems
975
Rust
1,096
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,096 advisories

Loading
Duplicate Advisory: Data races in ticketed_lock High
GHSA-gq4h-f254-7cw9 was published for ticketed_lock (Rust) Aug 25, 2021 withdrawn
Duplicate Advisory: Data races on syncpool High
GHSA-r88h-6987-g79f was published for syncpool (Rust) Aug 25, 2021 withdrawn
Duplicate Advisory: Svix vulnerable to improper comparison of different-length signatures Moderate
GHSA-w277-wpqf-rcfv was published for svix (Rust) Feb 6, 2024 withdrawn
Panic mishandled in libpulse-binding High
CVE-2019-25055 was published for libpulse-binding (Rust) Jan 6, 2022
Duplicate Advisory: Uncaught Exception in libpulse-binding Moderate
GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021 withdrawn
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz` High
CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026
NicsTr
Credited to NicsTr
miniserve affected by a TOCTOU and symlink race vulnerability Moderate
CVE-2025-67124 was published for miniserve (Rust) Jan 23, 2026
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
Credited to emilazy and EliahKagan
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
cure53
Credited to cure53
Use after free in libpulse-binding Moderate
CVE-2018-25001 was published for libpulse-binding (Rust) Feb 3, 2024
Duplicate Advisory: Use after free in libpulse-binding Moderate
GHSA-6gvc-4jvj-pwq4 was published for libpulse-binding (Rust) Aug 30, 2021 withdrawn
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness Low
GHSA-rjr4-v43m-pxq6 was published for triton-vm (Rust) Jan 21, 2026
knqyf263
Credited to knqyf263
Use After Free in lucet High
CVE-2021-43790 was published for lucet-runtime (Rust) Nov 30, 2021
iximeow acfoltzer
cratelyn aturon alexcrichton aggarwaa
Credited to iximeow, acfoltzer, cratelyn, aturon, alexcrichton, and aggarwaa
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb joshbressers
Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers
RustFS's RPC signature verification logs shared secret Low
CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026
rand-tech
Credited to rand-tech
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass High
CVE-2026-22864 was published for deno (Rust) Jan 16, 2026
SharokhAtaie
Credited to SharokhAtaie
Deno node:crypto doesn't finalize cipher Critical
CVE-2026-22863 was published for deno (Rust) Jan 16, 2026
davidebombelli vdata1
reallyTG
Credited to davidebombelli, vdata1, and reallyTG
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
RustCrypto: Signatures has timing side-channel in ML-DSA decomposition Moderate
CVE-2026-22705 was published for ml-dsa (Rust) Jan 13, 2026
tob-scott-a
Credited to tob-scott-a
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE High
CVE-2026-22700 was published for sm2 (Rust) Jan 13, 2026
XlabAITeam tl2cents
GenoWang A7um
Credited to XlabAITeam, tl2cents, GenoWang, and A7um
SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt() High
CVE-2026-22699 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam tl2cents
GenoWang A7um
Credited to XlabAITeam, tl2cents, GenoWang, and A7um
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam GenoWang
tl2cents A7um
Credited to XlabAITeam, GenoWang, tl2cents, and A7um
mnl has segmentation fault and invalid memory read in `mnl::cb_run` Low
GHSA-585q-cm62-757j was published for mnl (Rust) Jan 9, 2026
AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value Low
GHSA-g59m-gf8j-gjf5 was published for aws-sdk-accessanalyzer (Rust) Jan 8, 2026
Salvo is vulnerable to reflected XSS in the list_html function High
CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari mwlik
imenyoo2
Credited to AhmedMokhtari, mwlik, and imenyoo2
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database