Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,653
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,860
Pub
13
RubyGems
1,050
Rust
1,304
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,304 advisories

Loading
sequoia-git has broken hard revocation handling Low
GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026
`mysten-metrics` was removed from crates.io for malicious code Critical
GHSA-g38r-8gmr-ghrf was published for mysten-metrics (Rust) May 4, 2026
`sui-execution-cut` was removed from crates.io for malicious code Critical
GHSA-qprh-m6p3-hwxc was published for sui-execution-cut (Rust) May 4, 2026
Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation High
GHSA-83hf-93m4-rgwq was published for hickory-recursor (Rust) Apr 30, 2026
qifan-sailboat Credited to qifan-sailboat
rustls-webpki: Denial of service via panic on malformed CRL BIT STRING High
GHSA-82j2-j2ch-gfr8 was published for rustls-webpki (Rust) Apr 24, 2026
tynus3 Credited to tynus3
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior Moderate
CVE-2026-42199 was published for grid (Rust) Apr 24, 2026
ksj1230 Credited to ksj1230
russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler High
CVE-2026-42189 was published for russh (Rust) Apr 24, 2026
coreyleavitt Credited to coreyleavitt
Lemmy has SSRF in /api/v3/post via Webmention dispatch Moderate
CVE-2026-42180 was published for lemmy_api_common (Rust) Apr 24, 2026
Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image Moderate
CVE-2026-42181 was published for lemmy_api_common (Rust) Apr 24, 2026
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 High
CVE-2026-41676 was published for openssl (Rust) Apr 22, 2026
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length Low
CVE-2026-41677 was published for openssl (Rust) Apr 22, 2026
rust-openssl has incorrect bounds assertion in aes key wrap High
CVE-2026-41678 was published for openssl (Rust) Apr 22, 2026
rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check High
CVE-2026-41681 was published for openssl (Rust) Apr 22, 2026
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer High
CVE-2026-41898 was published for openssl (Rust) Apr 22, 2026
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks High
CVE-2026-40937 was published for rustfs (Rust) Apr 22, 2026
kodareef5 Credited to kodareef5
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge Moderate
CVE-2026-34068 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-account: Vesting insufficient funds error can panic Moderate
CVE-2026-34064 was published for nimiq-account (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
1seal Credited to 1seal
uutils coreutils has an Incorrect Authorization issue Moderate
CVE-2026-35370 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2026-35376 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Short Circuit Evaluation Issue Low
CVE-2026-35378 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a UNIX Symbolic Link (Symlink) Following issue Moderate
CVE-2026-35372 was published for coreutils (Rust) Apr 22, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database