GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

53 advisories

Russh: Unchecked keyboard-interactive prompt count in client auth path Moderate
CVE-2026-48107 was published for russh (Rust) Jun 11, 2026
Credited to mjc
Routinator crashes when sending a maliciously crafted select-asn query parameter High
CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026
tar has a PAX header desynchronization issue Moderate
GHSA-3pv8-6f4r-ffg2 was published for tar (Rust) May 29, 2026
Credited to woodruffw
astral-tokio-tar has a PAX Header Desynchronization issue Moderate
GHSA-3cv2-h65g-fgmm was published for astral-tokio-tar (Rust) May 29, 2026
Credited to woodruffw
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
Credited to acheroncrypto
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Credited to Matthias1590
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Credited to bzsanti
Steamworks game clients/servers using P2P authentication vulnerable to denial of service Moderate
GHSA-g588-cjg3-6g78 was published for steamworks (Rust) May 11, 2026
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input Moderate
GHSA-84jc-3hj2-hwc7 was published for kanidmd_lib (Rust) May 6, 2026
Credited to mbarbero
astral-tokio-tar is Vulnerable to PAX Header Desynchronization Moderate
GHSA-fp55-jw48-c537 was published for astral-tokio-tar (Rust) May 6, 2026
Credited to LawnGnome and woodruffw
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
Credited to 1seal and ii-cruz
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
Credited to 1seal
uutils coreutils has an Improper Input Validation Issue in its env Utility Low
CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Input Validation Issue in its cut Utility Moderate
CVE-2026-35380 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Input Validation issue Moderate
CVE-2026-35369 was published for coreutils (Rust) Apr 22, 2026
Rand is unsound with a custom logger using rand::rng() Low
GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026
Credited to simonhollingshead, ShoyuVanilla, and nbagnard
nimiq-blockchain is missing a wall-clock upper bound on block timestamps Critical
CVE-2026-40093 was published for nimiq-blockchain (Rust) Apr 10, 2026
RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface Critical
CVE-2026-30960 was published for rssn (Rust) Mar 10, 2026
Credited to panayang
Bug fixes in hpke-rs, hpke-rs-rust-crypto High
GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) Feb 13, 2026
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` Low
GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) Feb 12, 2026
[actix-files] Panic triggered by empty Range header in GET request for static file Moderate
GHSA-gcqf-3g44-vc9p was published for actix-files (Rust) Feb 6, 2026
Credited to Diomendius and JohnTitor