GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,373 advisories

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host (Critical severity)
CVE-2026-46703 was published for @boxlite-ai/boxlite (Go) May 21, 2026
Credited to XlabAITeam
BoxLite: Permission Bypass Allows Modification of Read-Only Files (Critical severity)
CVE-2026-46695 was published for @boxlite-ai/boxlite (Go) May 21, 2026
Credited to XlabAITeam
Russh: Unchecked CryptoVec allocation and growth handling is reachable (High severity)
CVE-2026-46673 was published for russh (Rust) May 21, 2026
Credited to mjc
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss (High severity)
CVE-2026-46654 was published for p3-challenger (Rust) May 21, 2026
Credited to jonathanpwang and zlangley
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item (High severity)
CVE-2026-46545 was published for nimiq-primitives (Rust) May 21, 2026
Credited to Piravlos and Eligioo
nimiq-blockchain: Genesis batch set request (Moderate severity)
CVE-2026-46543 was published for nimiq-blockchain (Rust) May 21, 2026
Credited to Piravlos
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points (Moderate severity)
CVE-2026-46542 was published for nimiq-keys (Rust) May 21, 2026
Credited to Piravlos and Eligioo
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty (Moderate severity)
CVE-2026-46539 was published for nimiq-primitives (Rust) May 21, 2026
Credited to 1seal
Credited to afogel
Credited to thesmartshadow
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` (Moderate severity)
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
Diesel: Possible unaligned data access for implementations of `SqliteAggregate` (Moderate severity)
GHSA-q8x8-jrhj-fh9p was published for diesel (Rust) May 19, 2026
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case (High severity)
GHSA-fhvh-vw7h-9xf3 was published for libcrux-ml-dsa (Rust) May 19, 2026
libcrux: Potential Panic on Overlong Ciphertext Buffer (High severity)
GHSA-hc3c-63hc-2r9f was published for libcrux-chacha20poly1305 (Rust) May 19, 2026
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport (High severity)
GHSA-fvh2-gm75-j4j7 was published for dynoxide (npm) May 18, 2026
Credited to hicksy
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution (Moderate severity)
GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) May 15, 2026
Credited to Piravlos
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files (Critical severity)
CVE-2026-45374 was published for deepseek-tui (Rust) May 14, 2026
Credited to 47Cid
DeepSeek TUI has SSRF IPV6 bypass (High severity)
CVE-2026-45373 was published for deepseek-tui (Rust) May 14, 2026
Credited to JafarAkhondali
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval (Critical severity)
CVE-2026-45311 was published for deepseek-tui (npm) May 14, 2026
Credited to 47Cid
DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool (High severity)
CVE-2026-45310 was published for deepseek-tui (npm) May 14, 2026
Credited to 47Cid
Anchor: `InterfaceAccount` allows account substitution between unexpected types (High severity)
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
Credited to acheroncrypto
Anchor: Program<'info, System> is not properly validated (High severity)
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Credited to Matthias1590
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) (Moderate severity)
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Credited to bzsanti