GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Moderate • CVE-2024-40648 was published for matrix-sdk-crypto (Rust) • Jul 18, 2024
Deno run with --allow-read and --deny-read flags results in allowed
Moderate • CVE-2025-48888 was published for deno (Rust) • Jun 4, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Moderate • CVE-2025-48935 was published for deno (Rust) • Jun 4, 2025
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Moderate • CVE-2025-11060 was published for SurrealDB (Rust) • Sep 11, 2025
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Moderate • GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) • Sep 26, 2025 • withdrawn
uutils coreutils has an Incorrect Authorization issue
Moderate • CVE-2026-35370 was published for coreutils (Rust) • Apr 22, 2026
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Moderate • CVE-2026-47128 was published for nono-cli (Rust) • May 28, 2026
Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access
Moderate • CVE-2026-49983 was published for deno (Rust) • Jun 16, 2026
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
Moderate • GHSA-hv6h-hc26-q48p was published for surrealdb (Rust) • Jun 19, 2026
SurrealDB: Scraping a TABLE with no available PERMISSIONS to current auth level
Moderate • GHSA-98fx-66cf-fc7c was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB: Graph traversal bypasses table SELECT permissions
Moderate • GHSA-vjjx-rfw4-rmfc was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB has an Authorization Bypass via Composite Record-id Paths
Moderate • GHSA-6vg3-hgrw-p5gf was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB has bypass of field-level SELECT permissions through JSON Patch `copy` and `move` with empty `from`
Moderate • GHSA-fpxg-5xmv-922m was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions
Moderate • GHSA-6wqw-vhfr-9999 was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB: USE NS/DB implicit creation bypasses DEFINE authorization
Moderate • GHSA-wp87-mgvq-5j93 was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB: Field-level SELECT permissions bypassed via indexed COUNT fast paths
Moderate • GHSA-c8jx-96c9-8xrp was published for surrealdb (Rust) • Jul 1, 2026
SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted
Moderate • CVE-2026-49997 was published for surrealdb (Rust) • Jul 1, 2026