Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,970
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile` Moderate
GHSA-9ghp-w2hm-vfpf was published for wasmtime-jit-debug (Rust) Jun 17, 2025
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections Moderate
GHSA-v33j-v3x4-42qg was published for hurl (Rust) Jun 11, 2025
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator Moderate
CVE-2025-48937 was published for matrix-sdk-crypto (Rust) Jun 10, 2025
dkasak richvdh
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
cristianstaicu vdata1
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
littledivy 0f-0b
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables Moderate
CVE-2025-48934 was published for deno (Rust) Jun 4, 2025
frankvd
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
nayeemrmn
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop Moderate
GHSA-w443-5h3j-jqcp was published for crossbeam-channel (Rust) May 14, 2025 withdrawn
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
fast_id_map has a soundness issue and is unmaintained Moderate
GHSA-4h96-mv53-2c86 was published for fast_id_map (Rust) May 8, 2025
Mithril snapshots for Cardano database could be compromised by an adversary Moderate
GHSA-qv97-5qr8-2266 was published for mithril-client (Rust) May 7, 2025
tanton_engine has unsound public API Moderate
GHSA-m2xr-2vj4-wh94 was published for tanton_engine (Rust) May 6, 2025
Panic in mp3-metadata due to the lack of bounds checking Moderate
GHSA-927q-g9w9-pm54 was published for mp3-metadata (Rust) Apr 30, 2025
Pleezer resource exhaustion through uncollected hook script processes Moderate
CVE-2025-32439 was published for pleezer (Rust) Apr 14, 2025
MadMarcsen
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB vulnerable to memory exhaustion via nested functions and scripts Moderate
GHSA-m7rc-8w7m-r9qr was published for surrealdb (Rust) Apr 10, 2025
cure53
crossbeam-channel Vulnerable to Double Free on Drop Moderate
CVE-2025-4574 was published for crossbeam-channel (Rust) Apr 10, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use Moderate
GHSA-wr2m-38xh-rpc9 was published for lemmy_server (Rust) Apr 8, 2025
Nothing4You
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
tough terminating targets role delegations are not respected Moderate
CVE-2025-2886 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough root metadata version is not checked for sequential versioning Moderate
CVE-2025-2885 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough timestamp metadata is cached when it fails snapshot rollback check Moderate
CVE-2025-2888 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database