Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,894
Maven
5,000+
npm
5,000+
NuGet
963
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,373
Swift
54
Unreviewed advisories
All unreviewed
5,000+

1,373 advisories

Loading
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host Critical
CVE-2026-46703 was published for @boxlite-ai/boxlite (Go) May 21, 2026
XlabAITeam Credited to XlabAITeam
BoxLite: Permission Bypass Allows Modification of Read-Only Files Critical
CVE-2026-46695 was published for @boxlite-ai/boxlite (Go) May 21, 2026
XlabAITeam Credited to XlabAITeam
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory Moderate
CVE-2026-46671 was published for onenote_parser (Rust) May 21, 2026
Russh: Unchecked CryptoVec allocation and growth handling is reachable High
CVE-2026-46673 was published for russh (Rust) May 21, 2026
mjc Credited to mjc
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss High
CVE-2026-46654 was published for p3-challenger (Rust) May 21, 2026
jonathanpwang Credited to jonathanpwang and zlangley zlangley zlangley
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item High
CVE-2026-46545 was published for nimiq-primitives (Rust) May 21, 2026
Piravlos Credited to Piravlos and Eligioo Eligioo Eligioo
nimiq-blockchain: Genesis batch set request Moderate
CVE-2026-46543 was published for nimiq-blockchain (Rust) May 21, 2026
Piravlos Credited to Piravlos
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points Moderate
CVE-2026-46542 was published for nimiq-keys (Rust) May 21, 2026
Piravlos Credited to Piravlos and Eligioo Eligioo Eligioo
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty Moderate
CVE-2026-46539 was published for nimiq-primitives (Rust) May 21, 2026
1seal Credited to 1seal
Zebra: addr/addrv2 Deserialization Resource Exhaustion Moderate
CVE-2026-40881 was published for zebra-network (Rust) Apr 18, 2026
Zk-nd3r Credited to Zk-nd3r, oxarbitrage, conradoplg, and mpguerra oxarbitrage oxarbitrage
conradoplg conradoplg mpguerra mpguerra
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM Moderate
CVE-2026-45792 was published for rtk (Rust) May 20, 2026
afogel Credited to afogel
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function Moderate
GHSA-pfr9-2p92-qrhq was published for dbn (Rust) Oct 9, 2024
DEVSOG12 Credited to DEVSOG12
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
acheroncrypto Credited to acheroncrypto
rmcp Streamable HTTP server transport has a DNS rebinding vulnerability High
CVE-2026-42559 was published for rmcp (Rust) May 6, 2026
JLLeitschuh Credited to JLLeitschuh
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers Moderate
CVE-2026-45784 was published for openssl (Rust) May 19, 2026
thesmartshadow Credited to thesmartshadow
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` Moderate
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
Diesel: Possible unaligned data access for implementations of `SqliteAggregate` Moderate
GHSA-q8x8-jrhj-fh9p was published for diesel (Rust) May 19, 2026
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case High
GHSA-fhvh-vw7h-9xf3 was published for libcrux-ml-dsa (Rust) May 19, 2026
libcrux: Potential Panic on Overlong Ciphertext Buffer High
GHSA-hc3c-63hc-2r9f was published for libcrux-chacha20poly1305 (Rust) May 19, 2026
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints High
CVE-2022-36124 was published for apache-avro (Rust) Aug 10, 2022
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Matthias1590 Credited to Matthias1590
scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion High
CVE-2026-46689 was published for kanidm_proto (Rust) May 6, 2026
mbarbero Credited to mbarbero
tar-rs incorrectly ignores PAX size headers if header size is nonzero Moderate
CVE-2026-33055 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium, woodruffw, 0xnaka-hax, and 0xNakah woodruffw woodruffw
0xnaka-hax 0xnaka-hax 0xNakah 0xNakah
Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning High
CVE-2026-44499 was published for zebrad (Rust) May 8, 2026
upbqdn Credited to upbqdn and mpguerra mpguerra mpguerra
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs Critical
GHSA-cwfq-rfcr-8hmp was published for zebrad (Rust) May 7, 2026
sangsoo-osec Credited to sangsoo-osec, defuse, mpguerra, and upbqdn defuse defuse
mpguerra mpguerra upbqdn upbqdn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database