Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

960 advisories

Loading
Pingora Request Smuggling and Cache Poisoning High
CVE-2025-4366 was published for pingora-core (Rust) May 22, 2025
macroquad vulnerable to multiple soundness issues High
GHSA-gg76-hg3v-5q6c was published for macroquad (Rust) May 15, 2025
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop Moderate
GHSA-w443-5h3j-jqcp was published for crossbeam-channel (Rust) May 14, 2025 withdrawn
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others Low
CVE-2025-46718 was published for sudo-rs (Rust) May 13, 2025
zonia3000 squell
bjorn3
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders Low
CVE-2025-46717 was published for sudo-rs (Rust) May 13, 2025
squell rnijveld
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input Low
CVE-2025-47736 was published for libsql-sqlite3-parser (Rust) May 9, 2025
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
fast_id_map has a soundness issue and is unmaintained Moderate
GHSA-4h96-mv53-2c86 was published for fast_id_map (Rust) May 8, 2025
scanner has a Public API without sufficient bounds checking Low
GHSA-79m9-55jc-p6mw was published for scanner (Rust) May 7, 2025
Mithril snapshots for Cardano database could be compromised by an adversary Moderate
GHSA-qv97-5qr8-2266 was published for mithril-client (Rust) May 7, 2025
Redox UEFI Safe API can cause heap-buffer-overflow Low
GHSA-58xc-hpvq-8473 was published for redox_uefi_std (Rust) May 6, 2025
tanton_engine has unsound public API Moderate
GHSA-m2xr-2vj4-wh94 was published for tanton_engine (Rust) May 6, 2025
OpenVM allows the byte decomposition of pc in AUIPC chip to overflow High
CVE-2025-46723 was published for openvm (Rust) May 5, 2025
jonathanpwang
obfstr Type Confusion vulnerability Low
CVE-2024-58253 was published for obfstr (Rust) May 2, 2025
Panic in mp3-metadata due to the lack of bounds checking Moderate
GHSA-927q-g9w9-pm54 was published for mp3-metadata (Rust) Apr 30, 2025
Pleezer resource exhaustion through uncollected hook script processes Moderate
CVE-2025-32439 was published for pleezer (Rust) Apr 14, 2025
MadMarcsen
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB CPU exhaustion via custom functions result in total DoS High
GHSA-pxw4-94j3-v9pf was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB no JavaScript script function default timeout could facilitate DoS Low
GHSA-3824-qmfq-2qv7 was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB memory exhaustion via string::replace using regex High
GHSA-3633-g6mg-p6qq was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB server-takeover via SurrealQL injection on backup import Critical
GHSA-ccj3-5p93-8p42 was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB has local file read of 2-column TSV files via analyzers Low
GHSA-2cvj-g5r5-jrrg was published for surrealdb (Rust) Apr 10, 2025
cure53
SurrealDB vulnerable to memory exhaustion via nested functions and scripts Moderate
GHSA-m7rc-8w7m-r9qr was published for surrealdb (Rust) Apr 10, 2025
cure53
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database