GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,357 advisories

rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution Moderate
GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) May 15, 2026
Credited to Piravlos
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files Critical
CVE-2026-45374 was published for deepseek-tui (Rust) May 14, 2026
Credited to 47Cid
DeepSeek TUI has SSRF IPV6 bypass High
CVE-2026-45373 was published for deepseek-tui (Rust) May 14, 2026
Credited to JafarAkhondali
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval Critical
CVE-2026-45311 was published for deepseek-tui (npm) May 14, 2026
Credited to 47Cid
DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool High
CVE-2026-45310 was published for deepseek-tui (npm) May 14, 2026
Credited to 47Cid
Anchor: `InterfaceAccount` allows account substitution between unexpected types High
GHSA-429q-fhh4-r6hj was published for anchor-lang (Rust) May 13, 2026
Credited to acheroncrypto
Anchor: Program<'info, System> is not properly validated High
CVE-2026-45137 was published for anchor-lang (Rust) May 13, 2026
Credited to Matthias1590
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS) Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Credited to bzsanti
Steamworks game clients/servers using P2P authentication vulnerable to denial of service Moderate
GHSA-g588-cjg3-6g78 was published for steamworks (Rust) May 11, 2026
smallbitvec: Integer overflow in safe API leads to heap buffer overflow High
CVE-2026-44983 was published for smallbitvec (Rust) May 9, 2026
Credited to ksj1230
Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning High
CVE-2026-44499 was published for zebrad (Rust) May 8, 2026
Credited to mpguerra
Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output Critical
GHSA-pvmv-cwg8-v6c8 was published for zebra-script (Rust) May 8, 2026
Credited to sangsoo-osec and fivelittleducks
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding Moderate
CVE-2026-44662 was published for openssl (Rust) May 7, 2026
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs Critical
GHSA-cwfq-rfcr-8hmp was published for zebrad (Rust) May 7, 2026
Credited to sangsoo-osec, defuse, and mpguerra
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer Critical
CVE-2026-44497 was published for zebra-script (Rust) May 7, 2026
Credited to sangsoo-osec
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers Moderate
CVE-2026-44500 was published for zebra-chain (Rust) May 7, 2026
Credited to Zk-nd3r
Zebra's Block Validator Undercounts Coinbase and P2SH Sigops Critical
CVE-2026-44498 was published for zebrad (Rust) May 7, 2026
Credited to sangsoo-osec, upbqdn, mpguerra, and defuse
imageproc: integer overflow in kernel size check leads to out-of-bounds read Moderate
GHSA-w5p8-4jcx-2j6r was published for imageproc (Rust) May 7, 2026
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling Moderate
GHSA-qg8r-f7x3-25f7 was published for imageproc (Rust) May 7, 2026
imageproc has fragile bounds check when sampling from image Moderate
GHSA-5qv7-j6w5-fr4m was published for imageproc (Rust) May 7, 2026
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression Moderate
GHSA-q2qq-hmj6-3wpp was published for hickory-proto (Rust) May 7, 2026
Credited to qifan-sailboat
hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses High
GHSA-3v94-mw7p-v465 was published for hickory-net (Rust) May 7, 2026
rust-zserio has Unbounded Memory Allocation High
GHSA-fpf5-4jw8-67x8 was published for rust-zserio (Rust) May 7, 2026
wasmtime has a panic when allocating a table exceeding the size of the host's address space Moderate
CVE-2026-44216 was published for wasmtime (Rust) May 7, 2026