WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,068 advisories

Loading
frost-core: refresh shares with smaller min_signers will reduce security of group Moderate
CVE-2025-58359 was published for frost-core (Rust) Sep 3, 2025
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor High
GHSA-pfp7-vxgr-83pw was published for toodee (Rust) Sep 9, 2025
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Credited to poljar
httpsig-rs: HMAC verification is vulnerable to timing attack Moderate
CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
rasendubi
Credited to rasendubi
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
serde_yml crate is unsound and unmaintained Moderate
GHSA-hhw4-xg65-fp2x was published for serde_yml (Rust) Sep 15, 2025
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
Tonic has remotely exploitable denial of service vulnerability Moderate
CVE-2024-47609 was published for tonic (Rust) Oct 1, 2024
jayvdb
Credited to jayvdb
Pingora update for MadeYouReset HTTP/2 vulnerability High
GHSA-393w-9x6h-8gc7 was published for pingora-core (Rust) Sep 17, 2025
galbarnahum
Credited to galbarnahum
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
crossbeam-channel Vulnerable to Double Free on Drop Moderate
CVE-2025-4574 was published for crossbeam-channel (Rust) Apr 10, 2025
hoerup
Credited to hoerup
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Credited to kearfy
OpenMLS improper persistence of the secret tree during message processing Moderate
GHSA-qr9h-x63w-vqfm was published for openmls (Rust) Sep 26, 2025
erdoganege fatihergin
Credited to erdoganege and fatihergin
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` Critical
CVE-2025-61588 was published for risc0-aggregation (Rust) Oct 1, 2025
MongoDB Rust driver may issue unintended commands Moderate
CVE-2024-6382 was published for mongodb (Rust) Jul 2, 2024
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera
Credited to dellalibera
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database