Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,429
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,680
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

459 advisories

Loading
Local settings bypass config trust checks High
CVE-2026-35533 was published for mise (Rust) Apr 7, 2026
kq5y Credited to kq5y
libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion High
CVE-2026-35457 was published for libp2p-rendezvous (Rust) Apr 4, 2026
failuresmith Credited to failuresmith
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers High
CVE-2026-35405 was published for libp2p-rendezvous (Rust) Apr 4, 2026
SilentSobs Credited to SilentSobs
scaly: Multiple soundness issues in Rust safe APIs High
GHSA-2c6h-4899-wjxr was published for scaly (Rust) Apr 4, 2026
Zebra has a Consensus Failure due to Improper Verification of V5 Transactions High
CVE-2026-34377 was published for zebra-consensus (Rust) Mar 30, 2026
conradoplg Credited to conradoplg and alchemydc alchemydc alchemydc
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling High
CVE-2026-34219 was published for libp2p-gossipsub (Rust) Mar 30, 2026
libcrux has an Incorrect Check of Signer Response Norm During Verification High
GHSA-cp57-fq8g-qh6v was published for libcrux-ml-dsa (Rust) Mar 26, 2026
libcrux Panics During Standalone MAC Operations High
GHSA-pv9v-5j35-xwcr was published for libcrux-poly1305 (Rust) Mar 26, 2026
libcrux-sha3: Incorrect output from SHAKE squeeze functions High
GHSA-q29p-9pfr-j652 was published for libcrux-sha3 (Rust) Mar 26, 2026
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure High
GHSA-434v-x5qv-pmh6 was published for libcrux-ed25519 (Rust) Mar 26, 2026
libcrux: Panic in Signature Hint Decoding During Verification High
GHSA-xrf2-5r3p-5wgj was published for libcrux-ml-dsa (Rust) Mar 26, 2026
CRL Distribution Point Scope Check Logic Error in AWS-LC High
GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing High
CVE-2026-33241 was published for salvo (Rust) Mar 19, 2026
yshing Credited to yshing
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass High
CVE-2026-33242 was published for salvo (Rust) Mar 19, 2026
tomasilluminati Credited to tomasilluminati
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer High
CVE-2026-32829 was published for lz4_flex (Rust) Mar 16, 2026
Marcono1234 Credited to Marcono1234
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process High
CVE-2026-32260 was published for deno (Rust) Mar 13, 2026
rtvkiz Credited to rtvkiz
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
Poseidon V1 variable-length input collision via implicit zero-padding High
CVE-2026-32129 was published for soroban-poseidon (Rust) Mar 13, 2026
ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink High
CVE-2026-32232 was published for zeptoclaw (Rust) Mar 12, 2026
zpbrent Credited to zpbrent
ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data High
CVE-2026-32231 was published for zeptoclaw (Rust) Mar 12, 2026
zpbrent Credited to zpbrent
Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing High
CVE-2026-31812 was published for quinn-proto (Rust) Mar 11, 2026
Pingora vulnerable to cache poisoning via insecure-by-default cache key High
CVE-2026-2836 was published for pingora-cache (Rust) Mar 5, 2026
xclow3n Credited to xclow3n
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database