GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,212 advisories
Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Moderate | CVE-2026-27480 was published for static-web-server (Rust) | Feb 20, 2026
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
High | CVE-2026-27190 was published for deno (Rust) | Feb 19, 2026
PyO3 has type confusion when accessing data from subclasses of subclasses of native types with `abi3` feature
High | GHSA-47qc-857f-7w7f was published for pyo3 (Rust) | Feb 19, 2026
Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Low | GHSA-3288-p39f-rqpv was published for keccak (Rust) | Feb 19, 2026
Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass
High | CVE-2026-26275 was published for httpsig-hyper (Rust) | Feb 17, 2026
The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide
High | CVE-2026-26267 was published for soroban-sdk-macros (Rust) | Feb 17, 2026
`polymarket-client-sdks` was removed from crates.io for malicious code
Critical | GHSA-p5vf-5754-x7p3 was published for polymarket-client-sdks (Rust) | Feb 13, 2026
rPGP's integrity protection of encrypted data was not always checked
Moderate | GHSA-c7ph-f7jm-xv4w was published for pgp (Rust) | Feb 13, 2026
rPGP affected by crash in message handling for deeply nested messages
High | GHSA-8h58-w33p-wq3g was published for pgp (Rust) | Feb 13, 2026
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895
High | GHSA-7587-4wv6-m68m was published for pgp (Rust) | Feb 13, 2026
Bug fixes in hpke-rs, hpke-rs-rust-crypto
High | GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) | Feb 13, 2026
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`
Low | GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) | Feb 12, 2026
SurrealDB vulnerable to Denial of Service through scripting function memory edge case
Moderate | GHSA-xx7m-69ff-9crp was published for surrealdb (Rust) | Feb 12, 2026
`sha-rst` was removed from crates.io for malicious code
Critical | GHSA-vgr2-r5hm-f6gf was published for sha-rst (Rust) | Feb 12, 2026
`finch_cli_rust` was removed from crates.io for malicious code
Critical | GHSA-6v2j-vr4h-f632 was published for finch_cli_rust (Rust) | Feb 12, 2026
`finch-rst` was removed from crates.io for malicious code
Critical | GHSA-xp79-9mxw-878j was published for finch-rst (Rust) | Feb 12, 2026
`uniswap-utils` was removed from crates.io for malicious code
Critical | GHSA-x468-phr8-h3p3 was published for uniswap-utils (Rust) | Feb 6, 2026
`sha-rust` was removed from crates.io for malicious code
Critical | GHSA-3mmg-7c2q-8938 was published for sha-rust (Rust) | Feb 6, 2026
`finch-rust` was removed from crates.io for malicious code
Critical | GHSA-f8h5-x737-x4xr was published for finch-rust (Rust) | Feb 6, 2026
`polymarket-clients-sdk` was removed from crates.io for malicious code
Critical | GHSA-382q-fpqh-29f7 was published for polymarket-clients-sdk (Rust) | Feb 6, 2026
`evm-units` was removed from crates.io for malicious code
Critical | GHSA-6662-54xr-8423 was published for evm-units (Rust) | Feb 6, 2026
[actix-files] Panic triggered by empty Range header in GET request for static file
Moderate | GHSA-gcqf-3g44-vc9p was published for actix-files (Rust) | Feb 6, 2026
actix-files has a possible exposure of information vulnerability
Moderate | GHSA-8v2v-wjwg-vx6r was published for actix-files (Rust) | Feb 6, 2026
qdrant has arbitrary file write via `/logger` endpoint
High | CVE-2026-25628 was published for qdrant (Rust) | Feb 5, 2026
time vulnerable to stack exhaustion Denial of Service attack
Moderate | CVE-2026-25727 was published for time (Rust) | Feb 5, 2026