Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,894
Maven
5,000+
npm
5,000+
NuGet
963
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,373
Swift
54
Unreviewed advisories
All unreviewed
5,000+

495 advisories

Loading
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory Moderate
CVE-2026-46671 was published for onenote_parser (Rust) May 21, 2026
nimiq-blockchain: Genesis batch set request Moderate
CVE-2026-46543 was published for nimiq-blockchain (Rust) May 21, 2026
Piravlos Credited to Piravlos
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points Moderate
CVE-2026-46542 was published for nimiq-keys (Rust) May 21, 2026
Piravlos Credited to Piravlos and Eligioo Eligioo Eligioo
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty Moderate
CVE-2026-46539 was published for nimiq-primitives (Rust) May 21, 2026
1seal Credited to 1seal
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM Moderate
CVE-2026-45792 was published for rtk (Rust) May 20, 2026
afogel Credited to afogel
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers Moderate
CVE-2026-45784 was published for openssl (Rust) May 19, 2026
thesmartshadow Credited to thesmartshadow
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` Moderate
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
Diesel: Possible unaligned data access for implementations of `SqliteAggregate` Moderate
GHSA-q8x8-jrhj-fh9p was published for diesel (Rust) May 19, 2026
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution Moderate
GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) May 15, 2026
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
bzsanti Credited to bzsanti
Steamworks game clients/servers using P2P authentication vulnerable to denial of service Moderate
GHSA-g588-cjg3-6g78 was published for steamworks (Rust) May 11, 2026
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding Moderate
CVE-2026-44662 was published for openssl (Rust) May 7, 2026
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers Moderate
CVE-2026-44500 was published for zebra-chain (Rust) May 7, 2026
Zk-nd3r Credited to Zk-nd3r
imageproc: integer overflow in kernel size check leads to out-of-bounds read Moderate
GHSA-w5p8-4jcx-2j6r was published for imageproc (Rust) May 7, 2026
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling Moderate
GHSA-qg8r-f7x3-25f7 was published for imageproc (Rust) May 7, 2026
imageproc has fragile bounds check when sampling from image Moderate
GHSA-5qv7-j6w5-fr4m was published for imageproc (Rust) May 7, 2026
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression Moderate
GHSA-q2qq-hmj6-3wpp was published for hickory-proto (Rust) May 7, 2026
qifan-sailboat Credited to qifan-sailboat
wasmtime has a panic when allocating a table exceeding the size of the host's address space Moderate
CVE-2026-44216 was published for wasmtime (Rust) May 7, 2026
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users Moderate
GHSA-qxrw-f6fh-34r7 was published for lemmy_api (Rust) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input Moderate
GHSA-84jc-3hj2-hwc7 was published for kanidmd_lib (Rust) May 6, 2026
mbarbero Credited to mbarbero
Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery Moderate
GHSA-gpxg-fx2g-qxj2 was published for kanidm (Rust) May 6, 2026
mbarbero Credited to mbarbero
Lemmy may expose private community data through community, saved, liked, and modlog API views Moderate
GHSA-95q8-x6r6-672m was published for lemmy_api (Rust) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Private Lemmy instances expose multi-community metadata without authentication Moderate
GHSA-jmxc-hhwx-gvv3 was published for lemmy_api (Rust) May 6, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
astral-tokio-tar is Vulnerable to PAX Header Desynchronization Moderate
GHSA-fp55-jw48-c537 was published for astral-tokio-tar (Rust) May 6, 2026
LawnGnome Credited to LawnGnome and woodruffw woodruffw woodruffw
Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands Moderate
CVE-2026-42184 was published for tauri (Rust) May 6, 2026
grumpinout1 Credited to grumpinout1, chippers, FabianLars, and tweidinger chippers chippers
FabianLars FabianLars tweidinger tweidinger
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database