GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

459 advisories

Local settings bypass config trust checks High
CVE-2026-35533 was published for mise (Rust) Apr 7, 2026
Credited to kq5y
libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion High
CVE-2026-35457 was published for libp2p-rendezvous (Rust) Apr 4, 2026
Credited to failuresmith
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers High
CVE-2026-35405 was published for libp2p-rendezvous (Rust) Apr 4, 2026
Credited to SilentSobs
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling High
CVE-2026-34219 was published for libp2p-gossipsub (Rust) Mar 30, 2026
scaly: Multiple soundness issues in Rust safe APIs High
GHSA-2c6h-4899-wjxr was published for scaly (Rust) Apr 4, 2026
Zebra has a Consensus Failure due to Improper Verification of V5 Transactions High
CVE-2026-34377 was published for zebra-consensus (Rust) Mar 30, 2026
Credited to conradoplg and alchemydc
libcrux has an Incorrect Check of Signer Response Norm During Verification High
GHSA-cp57-fq8g-qh6v was published for libcrux-ml-dsa (Rust) Mar 26, 2026
libcrux Panics During Standalone MAC Operations High
GHSA-pv9v-5j35-xwcr was published for libcrux-poly1305 (Rust) Mar 26, 2026
libcrux-sha3: Incorrect output from SHAKE squeeze functions High
GHSA-q29p-9pfr-j652 was published for libcrux-sha3 (Rust) Mar 26, 2026
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure High
GHSA-434v-x5qv-pmh6 was published for libcrux-ed25519 (Rust) Mar 26, 2026
libcrux: Panic in Signature Hint Decoding During Verification High
GHSA-xrf2-5r3p-5wgj was published for libcrux-ml-dsa (Rust) Mar 26, 2026
Bug fixes in hpke-rs, hpke-rs-rust-crypto High
GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) Feb 13, 2026
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing High
CVE-2026-33241 was published for salvo (Rust) Mar 19, 2026
Credited to yshing
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass High
CVE-2026-33242 was published for salvo (Rust) Mar 19, 2026
Credited to tomasilluminati
AWS-LC has PKCS7_verify Signature Validation Bypass High
GHSA-hfpc-8r3f-gw53 was published for aws-lc-sys (Rust) Mar 3, 2026
AWS-LC has Timing Side-Channel in AES-CCM Tag Verification High
GHSA-65p9-r9h6-22vj was published for aws-lc-fips-sys (Rust) Mar 3, 2026
AWS-LC has PKCS7_verify Certificate Chain Validation Bypass High
GHSA-vw5v-4f2q-w9xf was published for aws-lc-sys (Rust) Mar 3, 2026
Gossipsub PRUNE.backoff Duration Overflow High
CVE-2026-33040 was published for libp2p-gossipsub (Rust) Mar 18, 2026
lz4_flex's decompression can leak information from uninitialized memory or reused output buffer High
CVE-2026-32829 was published for lz4_flex (Rust) Mar 16, 2026
Credited to Marcono1234
CRL Distribution Point Scope Check Logic Error in AWS-LC High
GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
Yamux vulnerable to remote Panic via malformed WindowUpdate credit High
CVE-2026-31814 was published for yamux (Rust) Mar 13, 2026
Mio's tokens for named pipes may be delivered after deregistration High
CVE-2024-27308 was published for mio (Rust) Mar 4, 2024
Credited to rofoun and radekvit
Credited to rtvkiz