Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,272
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,521
Pub
12
RubyGems
1,007
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,194 advisories

Loading
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices Low
GHSA-h5j3-crg5-8jqm was published for orx-pinned-vec (Rust) Oct 21, 2025
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers tycho tycho
azenla azenla anners anners mnm678 mnm678 zanieb zanieb joshbressers joshbressers
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov Credited to emostov and cr-tk cr-tk cr-tk
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt Credited to kxxt
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn Credited to howardjohn and alexsnaps alexsnaps alexsnaps
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th Credited to R4356th
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera Credited to dellalibera
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera Credited to dellalibera
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` Critical
CVE-2025-61588 was published for risc0-aggregation (Rust) Oct 1, 2025
OpenMLS improper persistence of the secret tree during message processing Moderate
GHSA-qr9h-x63w-vqfm was published for openmls (Rust) Sep 26, 2025
erdoganege Credited to erdoganege and fatihergin fatihergin fatihergin
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown Credited to calebbrown, woodruffw, charliermarsh, and zanieb woodruffw woodruffw
charliermarsh charliermarsh zanieb zanieb
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
Pingora update for MadeYouReset HTTP/2 vulnerability High
GHSA-393w-9x6h-8gc7 was published for pingora-core (Rust) Sep 17, 2025
galbarnahum Credited to galbarnahum
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
serde_yml crate is unsound and unmaintained Moderate
GHSA-hhw4-xg65-fp2x was published for serde_yml (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
httpsig-rs: HMAC verification is vulnerable to timing attack Moderate
CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
rasendubi Credited to rasendubi
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy Credited to kearfy
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar Credited to poljar
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor High
GHSA-pfp7-vxgr-83pw was published for toodee (Rust) Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database