GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
487 advisories
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution
Moderate. GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) on May 15, 2026.
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Moderate. GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) on May 11, 2026.
Steamworks game clients/servers using P2P authentication vulnerable to denial of service
Moderate. GHSA-g588-cjg3-6g78 was published for steamworks (Rust) on May 11, 2026.
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
Moderate. CVE-2026-44662 was published for openssl (Rust) on May 7, 2026.
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
Moderate. CVE-2026-44500 was published for zebra-chain (Rust) on May 7, 2026.
imageproc: integer overflow in kernel size check leads to out-of-bounds read
Moderate. GHSA-w5p8-4jcx-2j6r was published for imageproc (Rust) on May 7, 2026.
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling
Moderate. GHSA-qg8r-f7x3-25f7 was published for imageproc (Rust) on May 7, 2026.
imageproc has fragile bounds check when sampling from image
Moderate. GHSA-5qv7-j6w5-fr4m was published for imageproc (Rust) on May 7, 2026.
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression
Moderate. GHSA-q2qq-hmj6-3wpp was published for hickory-proto (Rust) on May 7, 2026.
wasmtime has a panic when allocating a table exceeding the size of the host's address space
Moderate. CVE-2026-44216 was published for wasmtime (Rust) on May 7, 2026.
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Moderate. GHSA-qxrw-f6fh-34r7 was published for lemmy_api (Rust) on May 6, 2026.
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input
Moderate. GHSA-84jc-3hj2-hwc7 was published for kanidmd_lib (Rust) on May 6, 2026.
Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery
Moderate. GHSA-gpxg-fx2g-qxj2 was published for kanidm (Rust) on May 6, 2026.
Lemmy may expose private community data through community, saved, liked, and modlog API views
Moderate. GHSA-95q8-x6r6-672m was published for lemmy_api (Rust) on May 6, 2026.
Private Lemmy instances expose multi-community metadata without authentication
Moderate. GHSA-jmxc-hhwx-gvv3 was published for lemmy_api (Rust) on May 6, 2026.
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
Moderate. GHSA-fp55-jw48-c537 was published for astral-tokio-tar (Rust) on May 6, 2026.
Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands
Moderate. CVE-2026-42184 was published for tauri (Rust) on May 6, 2026.
gix-transport: HTTP credentials leaked to redirected host in curl backend
Moderate. GHSA-9857-6mw7-fq2m was published for gix-transport (Rust) on May 5, 2026.
Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
Moderate. CVE-2026-43868 was published for thrift (Rust) on May 5, 2026.
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Moderate. CVE-2026-42199 was published for grid (Rust) on Apr 24, 2026.
Lemmy has SSRF in /api/v3/post via Webmention dispatch
Moderate. CVE-2026-42180 was published for lemmy_api_common (Rust) on Apr 24, 2026.
Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image
Moderate. CVE-2026-42181 was published for lemmy_api_common (Rust) on Apr 24, 2026.
nimiq-blockchain: Peer-triggerable panic during history sync
Moderate. CVE-2026-34066 was published for nimiq-blockchain (Rust) on Apr 22, 2026.
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Moderate. CVE-2026-34068 was published for nimiq-transaction (Rust) on Apr 22, 2026.
nimiq-account: Vesting insufficient funds error can panic
Moderate. CVE-2026-34064 was published for nimiq-account (Rust) on Apr 22, 2026.