Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,203 advisories

Loading
mpp has multiple payment bypass and griefing vulnerabilities Critical
GHSA-fxc9-7j2w-vx54 was published for mpp (Rust) Mar 29, 2026
veria-labs Credited to veria-labs
Zebra node crash — V5 transaction hash panic (P2P reachable) Critical
CVE-2026-34202 was published for zebra-chain (Rust) Mar 27, 2026
robustfengbin Credited to robustfengbin, arya2, conradoplg, upbqdn, and alchemydc arya2 arya2
conradoplg conradoplg upbqdn upbqdn alchemydc alchemydc
Apollo Router Core: Browser Bug Enables Bypass of XS-Search Prevention via Read-Only Cross-Site Request Forgery Moderate
GHSA-hff2-gcpx-8f4p was published for apollo-router (Rust) Mar 26, 2026
AmirMSafari Credited to AmirMSafari
libcrux has an Incorrect Check of Signer Response Norm During Verification High
GHSA-cp57-fq8g-qh6v was published for libcrux-ml-dsa (Rust) Mar 26, 2026
libcrux Panics During Standalone MAC Operations High
GHSA-pv9v-5j35-xwcr was published for libcrux-poly1305 (Rust) Mar 26, 2026
libcrux-sha3: Incorrect output from SHAKE squeeze functions High
GHSA-q29p-9pfr-j652 was published for libcrux-sha3 (Rust) Mar 26, 2026
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure High
GHSA-434v-x5qv-pmh6 was published for libcrux-ed25519 (Rust) Mar 26, 2026
libcrux: Panic in Signature Hint Decoding During Verification High
GHSA-xrf2-5r3p-5wgj was published for libcrux-ml-dsa (Rust) Mar 26, 2026
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() Moderate
CVE-2026-33693 was published for activitypub_federation (Rust) Mar 25, 2026
SnailSploit Credited to SnailSploit
webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic Moderate
GHSA-pwjx-qhcg-rvj4 was published for rustls-webpki (Rust) Mar 20, 2026
1seal Credited to 1seal, ctz, and crowlandsimms ctz ctz
crowlandsimms crowlandsimms
CRL Distribution Point Scope Check Logic Error in AWS-LC High
GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks Moderate
CVE-2026-33056 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium
tar-rs incorrectly ignores PAX size headers if header size is nonzero Moderate
CVE-2026-33055 was published for tar (Rust) Mar 20, 2026
xokdvium Credited to xokdvium and woodruffw woodruffw woodruffw
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing High
CVE-2026-33241 was published for salvo (Rust) Mar 19, 2026
yshing Credited to yshing
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass High
CVE-2026-33242 was published for salvo (Rust) Mar 19, 2026
tomasilluminati Credited to tomasilluminati
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
astral-tokio-tar insufficiently validates PAX extensions during extraction Moderate
CVE-2026-32766 was published for astral-tokio-tar (Rust) Mar 17, 2026
woodruffw Credited to woodruffw and xokdvium xokdvium xokdvium
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer High
CVE-2026-32829 was published for lz4_flex (Rust) Mar 16, 2026
Marcono1234 Credited to Marcono1234
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process High
CVE-2026-32260 was published for deno (Rust) Mar 13, 2026
rtvkiz Credited to rtvkiz
rs-soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction Moderate
CVE-2026-32322 was published for soroban-sdk (Rust) Mar 13, 2026
leighmcculloch Credited to leighmcculloch
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
Poseidon V1 variable-length input collision via implicit zero-padding High
CVE-2026-32129 was published for soroban-poseidon (Rust) Mar 13, 2026
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation Moderate
GHSA-4cm8-xpfv-jv6f was published for zeptoclaw (Rust) Mar 12, 2026
zpbrent Credited to zpbrent
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database