Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing High
CVE-2026-31812 was published for quinn-proto (Rust) Mar 11, 2026
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing High
CVE-2025-62370 was published for alloy-dyn-abi (Rust) Oct 15, 2025
emostov Credited to emostov and cr-tk cr-tk cr-tk
SurrealDB has uncaught exception in Net module that leads to database crash High
GHSA-rq86-9m6r-cm3g was published for surrealdb (Rust) Apr 10, 2025
castilho101 Credited to castilho101
Uncaught Panic in ORML Rewards Pallet High
GHSA-5v93-9mqw-p9mh was published for orml-rewards (Rust) Feb 14, 2025
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
invd Credited to invd, hko-s, dignifiedquire, and link2xt hko-s hko-s
dignifiedquire dignifiedquire link2xt link2xt
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings High
GHSA-qjrv-v6qp-x99x was published for surrealdb (Rust) Oct 8, 2024
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects High
CVE-2024-43367 was published for boa_engine (Rust) Aug 14, 2024
ctcpip Credited to ctcpip, arai-a, jedel1043, jasonwilliams, and nekevss arai-a arai-a
jedel1043 jedel1043 jasonwilliams jasonwilliams nekevss nekevss
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 Credited to sno2 and gferon gferon gferon
Panic mishandled in libpulse-binding High
CVE-2019-25055 was published for libpulse-binding (Rust) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database