Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

390 advisories

Loading
binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref High
GHSA-wwxp-hxh6-8gf8 was published for binary_vec_io (Rust) Oct 22, 2025
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb
Credited to woodruffw, tycho, azenla, anners, mnm678, and zanieb
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov cr-tk
Credited to emostov and cr-tk
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Pingora update for MadeYouReset HTTP/2 vulnerability High
GHSA-393w-9x6h-8gc7 was published for pingora-core (Rust) Sep 17, 2025
galbarnahum
Credited to galbarnahum
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor High
GHSA-pfp7-vxgr-83pw was published for toodee (Rust) Sep 9, 2025
arenavec has multiple memory corruption vulnerabilities in safe APIs High
GHSA-3632-54q8-m96x was published for arenavec (Rust) Sep 2, 2025
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. High
CVE-2025-54867 was published for youki (Rust) Aug 14, 2025
saku3 utam0k
Credited to saku3 and utam0k
quiche connection ID retirement can trigger an infinite loop High
CVE-2025-7054 was published for quiche (Rust) Aug 7, 2025
catenacyber
Credited to catenacyber
vproxy Divide by Zero DoS Vulnerability High
CVE-2025-54581 was published for vproxy (Rust) Jul 30, 2025
bronallo-bd
Credited to bronallo-bd
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs High
GHSA-7mcq-f592-pf7v was published for slice-deque (Rust) Jul 16, 2025
Pingora has a Request Smuggling Vulnerability High
CVE-2025-4366 was published for pingora-core (Rust) Jun 20, 2025
Duplicate Advisory: users may append `root` to group listings High
GHSA-jq8x-v7jw-v675 was published for users (Rust) Jun 6, 2025 withdrawn
users may append `root` to group listings High
CVE-2025-5791 was published for users (Rust) Jun 5, 2025
Deno's AES GCM authentication tags are not verified High
CVE-2025-24015 was published for deno (Rust) Jun 4, 2025
canislupaster
Credited to canislupaster
Arrow2 allows out of bounds access in public safe API High
GHSA-wv8j-m3hx-924j was published for arrow2 (Rust) May 30, 2025
Duplicate Advisory: Pingora Request Smuggling and Cache Poisoning High
GHSA-3qmp-g57h-rxf2 was published for pingora-core (Rust) May 22, 2025 withdrawn
macroquad vulnerable to multiple soundness issues High
GHSA-gg76-hg3v-5q6c was published for macroquad (Rust) May 15, 2025
OpenVM allows the byte decomposition of pc in AUIPC chip to overflow High
CVE-2025-46723 was published for openvm (Rust) May 5, 2025
jonathanpwang
Credited to jonathanpwang
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database