GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

526 advisories

uv is vulnerable to arbitrary file write through entry point names Moderate
GHSA-4gg8-gxpx-9rph was published for uv (pip) May 29, 2026
Credited to zsol and zanieb
tar has a PAX header desynchronization issue Moderate
GHSA-3pv8-6f4r-ffg2 was published for tar (Rust) May 29, 2026
Credited to woodruffw
astral-tokio-tar has a PAX Header Desynchronization issue Moderate
GHSA-3cv2-h65g-fgmm was published for astral-tokio-tar (Rust) May 29, 2026
Credited to woodruffw
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race Moderate
CVE-2026-46690 was published for unbounded-spsc (Rust) May 29, 2026
Credited to berkant-koc
Shamefile has an arbitrary file read via shamefile.yaml in shame next Moderate
CVE-2026-47144 was published for shamefile (npm) May 28, 2026
Credited to BKDDFS
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user` Moderate
CVE-2026-47128 was published for nono-cli (Rust) May 28, 2026
Credited to cgwalters and NickCao
nimiq-blockchain: Genesis batch set request Moderate
CVE-2026-46543 was published for nimiq-blockchain (Rust) May 21, 2026
Credited to Piravlos
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points Moderate
CVE-2026-46542 was published for nimiq-keys (Rust) May 21, 2026
Credited to Piravlos and Eligioo
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty Moderate
CVE-2026-46539 was published for nimiq-primitives (Rust) May 21, 2026
Credited to 1seal
Credited to afogel
Credited to thesmartshadow
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO` Moderate
GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) May 19, 2026
Diesel: Possible unaligned data access for implementations of `SqliteAggregate` Moderate
GHSA-q8x8-jrhj-fh9p was published for diesel (Rust) May 19, 2026
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution Moderate
GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) May 15, 2026
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Credited to bzsanti
Steamworks game clients/servers using P2P authentication vulnerable to denial of service Moderate
GHSA-g588-cjg3-6g78 was published for steamworks (Rust) May 11, 2026
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding Moderate
CVE-2026-44662 was published for openssl (Rust) May 7, 2026
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers Moderate
CVE-2026-44500 was published for zebra-chain (Rust) May 7, 2026
Credited to Zk-nd3r
imageproc: integer overflow in kernel size check leads to out-of-bounds read Moderate
GHSA-w5p8-4jcx-2j6r was published for imageproc (Rust) May 7, 2026
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling Moderate
GHSA-qg8r-f7x3-25f7 was published for imageproc (Rust) May 7, 2026
imageproc has fragile bounds check when sampling from image Moderate
GHSA-5qv7-j6w5-fr4m was published for imageproc (Rust) May 7, 2026
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression Moderate
GHSA-q2qq-hmj6-3wpp was published for hickory-proto (Rust) May 7, 2026
Credited to qifan-sailboat
wasmtime has a panic when allocating a table exceeding the size of the host's address space Moderate
CVE-2026-44216 was published for wasmtime (Rust) May 7, 2026
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users Moderate
GHSA-qxrw-f6fh-34r7 was published for lemmy_api (Rust) May 6, 2026
Credited to adrgs and aisafe-bot