Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,021 advisories

Loading
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2025-27498 was published for ascon_aead (Rust) Mar 3, 2025
thealtofwar
Some AES functions may panic when overflow checking is enabled in ring Moderate
GHSA-4p46-pwfr-66x6 was published for ring (Rust) Mar 7, 2025
qcp has possible crash/DOS in some build configurations Moderate
GHSA-fmwf-c46w-r8qm was published for qcp (Rust) Mar 8, 2025
Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service High
CVE-2023-33289 was published for urlnorm (Rust) Jun 21, 2023 withdrawn
ntpd NTS client denial of service via wrongly sized cookies Moderate
GHSA-v83q-83hj-rw38 was published for ntpd (Rust) Feb 28, 2025
rzaba0
gurk (aka gurk-rs) mishandles ANSI escape sequences Moderate
CVE-2025-30089 was published for gurk (Rust) Mar 17, 2025
Malayke
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods Low
CVE-2025-27512 was published for zincati (Rust) Mar 17, 2025
jlebon
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write High
CVE-2025-29787 was published for zip (Rust) Mar 17, 2025
eternal-flame-AD Pr0methean
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form High
CVE-2025-30160 was published for redlib (Rust) Mar 21, 2025
Tokarak
Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66 Moderate
CVE-2025-27612 was published for libcontainer (Rust) Mar 21, 2025
YJDoc2 utam0k
jprendes
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner
pared Vulnerable to Use After Free in `Parc` and `Prc` Due to Missing Lifetime Constraints Moderate
GHSA-vgmh-mqm4-8j88 was published for pared (Rust) Mar 24, 2025
Web Push Denial of Service via malicious Web Push endpoint Moderate
GHSA-fc83-9jwq-gc2m was published for web-push (Rust) Mar 24, 2025
xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. Moderate
GHSA-9cc5-2pq7-hfj8 was published for xmas-elf (Rust) Mar 26, 2025
Tor path lengths too short when "full Vanguards" configured Moderate
CVE-2024-35313 was published for arti (Rust) May 18, 2024
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
cassandra-rs's non-idiomatic use of iterators leads to use after free High
CVE-2024-27284 was published for cassandra-cpp (Rust) Apr 5, 2024
CastleQuirm kw217
angusi bossmc
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
PyO3 Risk of buffer overflow in `PyString::from_object` Low
GHSA-pph8-gcv7-4qj5 was published for pyo3 (Rust) Apr 2, 2025
tough failure to detect delegated target rollback Moderate
CVE-2025-2887 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough timestamp metadata is cached when it fails snapshot rollback check Moderate
CVE-2025-2888 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough cyclic delegation graphs are not detected Low
GHSA-j8x2-777p-23fc was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough terminating targets role delegations are not respected Moderate
CVE-2025-2886 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough root metadata version is not checked for sequential versioning Moderate
CVE-2025-2885 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database