GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Sandbox bypass leading to arbitrary code execution in Deno
Critical
CVE-2022-24783
was published
for
deno
(Rust)
Mar 29, 2022
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
High
CVE-2024-34346
was published
for
deno
(Rust)
May 8, 2024
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate
CVE-2024-40648
was published
for
matrix-sdk-crypto
(Rust)
Jul 18, 2024
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Low
CVE-2025-27512
was published
for
zincati
(Rust)
Mar 17, 2025
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
High
GHSA-6jrf-4jv4-r9mw
was published
for
tendermint-light-client-verifier
(Rust)
Apr 9, 2025
Deno run with --allow-read and --deny-read flags results in allowed
Moderate
CVE-2025-48888
was published
for
deno
(Rust)
Jun 4, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Moderate
CVE-2025-48935
was published
for
deno
(Rust)
Jun 4, 2025
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Moderate
GHSA-7vm2-j586-vcvc
was published
for
SurrealDB
(Rust)
Sep 11, 2025
ProTip!
Advisories are also available from the
GraphQL API