Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

166 advisories

Loading
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
rnijveld Credited to rnijveld and squell squell squell
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
Wasmtime has use-after-free bug after cloning `wasmtime::Linker` Low
CVE-2026-34983 was published for wasmtime (Rust) Apr 9, 2026
flavio Credited to flavio
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen Credited to fitzgen and alexcrichton alexcrichton alexcrichton
Netavark Has Possible DNS Resolve Confusion Low
CVE-2025-8283 was published for netavark (Rust) Jul 28, 2025
diesel-async may expose uninitialized padding bytes for MySQL temporal columns Low
GHSA-ff9q-rm55-q7qr was published for diesel-async (Rust) May 7, 2026
paolobarbolini Credited to paolobarbolini
Kanidm has non-constant-time comparison of OAuth2 client_secret Low
GHSA-53hj-r94p-8c8f was published for kanidm (Rust) May 6, 2026
mbarbero Credited to mbarbero
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed Low
GHSA-22w3-693w-x895 was published for webauthn-authenticator-rs (Rust) May 6, 2026
dorakemon Credited to dorakemon
rpassword affected by partial password reveal when input is interrupted Low
GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) May 6, 2026
DevLaTron Credited to DevLaTron and squell squell squell
astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks Low
GHSA-xx64-wwv2-hcqq was published for astral-tokio-tar (Rust) May 6, 2026
LawnGnome Credited to LawnGnome and woodruffw woodruffw woodruffw
sequoia-git has broken hard revocation handling Low
GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026
uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility Low
CVE-2026-35381 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Short Circuit Evaluation Issue Low
CVE-2026-35378 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Provision of Specified Functionality Issue Low
CVE-2026-35379 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Input Validation Issue in its env Utility Low
CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35373 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35375 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils's User Interface (UI) Misrepresents Critical Information Low
CVE-2026-35371 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Permission Assignment for Critical Resource Low
CVE-2026-35367 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Preservation of Permissions issue Low
CVE-2026-35361 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
CVE-2026-35362 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
CVE-2026-35353 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Unchecked Return Value Issue Low
CVE-2026-35344 was published for coreutils (Rust) Apr 22, 2026
coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
CVE-2026-35346 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation Low
CVE-2026-35343 was published for coreutils (Rust) Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database