Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

1,093 advisories

Loading
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass High
CVE-2026-22864 was published for deno (Rust) Jan 16, 2026
SharokhAtaie
Credited to SharokhAtaie
Deno node:crypto doesn't finalize cipher Critical
CVE-2026-22863 was published for deno (Rust) Jan 16, 2026
davidebombelli vdata1
reallyTG
Credited to davidebombelli, vdata1, and reallyTG
RustFS's RPC signature verification logs shared secret Low
CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026
rand-tech
Credited to rand-tech
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz` High
CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026
NicsTr
Credited to NicsTr
RustCrypto: Signatures has timing side-channel in ML-DSA decomposition Moderate
CVE-2026-22705 was published for ml-dsa (Rust) Jan 13, 2026
tob-scott-a
Credited to tob-scott-a
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE High
CVE-2026-22700 was published for sm2 (Rust) Jan 13, 2026
XlabAITeam tl2cents
GenoWang A7um
Credited to XlabAITeam, tl2cents, GenoWang, and A7um
LIEF is vulnerable to segmentation fault Low
CVE-2025-15504 was published for lief (pip) Jan 10, 2026
SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt() High
CVE-2026-22699 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam
Credited to XlabAITeam
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam
Credited to XlabAITeam
mnl has segmentation fault and invalid memory read in `mnl::cb_run` Low
GHSA-585q-cm62-757j was published for mnl (Rust) Jan 9, 2026
AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value Low
GHSA-g59m-gf8j-gjf5 was published for aws-sdk-accessanalyzer (Rust) Jan 8, 2026
Salvo is vulnerable to reflected XSS in the list_html function High
CVE-2026-22256 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari mwlik
imenyoo2
Credited to AhmedMokhtari, mwlik, and imenyoo2
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names High
CVE-2026-22257 was published for salvo (Rust) Jan 8, 2026
AhmedMokhtari imenyoo2
mwlik
Credited to AhmedMokhtari, imenyoo2, and mwlik
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting Moderate
CVE-2026-22043 was published for rustfs (Rust) Jan 8, 2026
Threonine
Credited to Threonine
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation Moderate
CVE-2026-22042 was published for rustfs (Rust) Jan 8, 2026
Threonine
Credited to Threonine
`IterMut` violates Stacked Borrows by invalidating internal pointer Low
GHSA-rhfx-m35p-ff5j was published for lru (Rust) Jan 7, 2026
RustFS gRPC GetMetrics deserialization panic enables remote DoS Moderate
CVE-2025-69255 was published for rustfs (Rust) Jan 7, 2026
max-r-b enitmar
Credited to max-r-b and enitmar
RustFS Path Traversal Vulnerability High
CVE-2025-68705 was published for rustfs (Rust) Jan 7, 2026
rsa crate has potential panic on a prime being equal to 1 Low
CVE-2026-21895 was published for rsa (Rust) Jan 6, 2026
invd
Credited to invd
gix-date can create non-utf8 string with `TimeBuf::as_str` Moderate
GHSA-6mw6-mj76-grwc was published for gix-date (Rust) Jan 5, 2026
theshit vulnerable to unsafe loading of user-owned Python rules when running as root High
CVE-2025-69257 was published for theshit (Rust) Dec 30, 2025
AsfhtgkDavid
Credited to AsfhtgkDavid
RustFS has a gRPC Hardcoded Token Authentication Bypass Critical
CVE-2025-68926 was published for rustfs (Rust) Dec 30, 2025
ruint affected by unsoundness of safe `reciprocal_mg10` Moderate
GHSA-9fjq-45qv-pcm7 was published for ruint (Rust) Dec 26, 2025
Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short Moderate
CVE-2025-67897 was published for sequoia-openpgp (Rust) Dec 14, 2025
sd changes the group ownership of the source file Moderate
CVE-2025-65807 was published for sd (Rust) Dec 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database