Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-21486 was published for deno (Rust) Jun 5, 2025
cristianstaicu vdata1
users may append `root` to group listings Moderate
GHSA-m65q-v92h-cm7q was published for users (Rust) Jun 5, 2025
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
littledivy 0f-0b
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables Moderate
CVE-2025-48934 was published for deno (Rust) Jun 4, 2025
frankvd
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
nayeemrmn
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop Moderate
GHSA-w443-5h3j-jqcp was published for crossbeam-channel (Rust) May 14, 2025 withdrawn
ring has some AES functions that may panic when overflow checking is enabled in Moderate
CVE-2025-4432 was published for ring (Rust) May 9, 2025
fast_id_map has a soundness issue and is unmaintained Moderate
GHSA-4h96-mv53-2c86 was published for fast_id_map (Rust) May 8, 2025
Mithril snapshots for Cardano database could be compromised by an adversary Moderate
GHSA-qv97-5qr8-2266 was published for mithril-client (Rust) May 7, 2025
tanton_engine has unsound public API Moderate
GHSA-m2xr-2vj4-wh94 was published for tanton_engine (Rust) May 6, 2025
Panic in mp3-metadata due to the lack of bounds checking Moderate
GHSA-927q-g9w9-pm54 was published for mp3-metadata (Rust) Apr 30, 2025
Pleezer resource exhaustion through uncollected hook script processes Moderate
CVE-2025-32439 was published for pleezer (Rust) Apr 14, 2025
MadMarcsen
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) Moderate
GHSA-5q9x-554g-9jgg was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB vulnerable to memory exhaustion via nested functions and scripts Moderate
GHSA-m7rc-8w7m-r9qr was published for surrealdb (Rust) Apr 10, 2025
cure53
crossbeam-channel Vulnerable to Double Free on Drop Moderate
CVE-2025-4574 was published for crossbeam-channel (Rust) Apr 10, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use Moderate
GHSA-wr2m-38xh-rpc9 was published for lemmy_server (Rust) Apr 8, 2025
Nothing4You
Jujutsu does not have SHA-1 collision detection Moderate
GHSA-794x-2rpg-rfgr was published for jj-cli (Rust) Apr 7, 2025
emilazy
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch` Moderate
GHSA-4fcv-w3qc-ppgg was published for openssl (Rust) Apr 4, 2025
gitoxide does not detect SHA-1 collision attacks Moderate
CVE-2025-31130 was published for gitoxide (Rust) Apr 4, 2025
emilazy EliahKagan
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability Moderate
CVE-2024-13941 was published for ouch (Rust) Apr 1, 2025
tough terminating targets role delegations are not respected Moderate
CVE-2025-2886 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough root metadata version is not checked for sequential versioning Moderate
CVE-2025-2885 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough timestamp metadata is cached when it fails snapshot rollback check Moderate
CVE-2025-2888 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
tough failure to detect delegated target rollback Moderate
CVE-2025-2887 was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. Moderate
GHSA-9cc5-2pq7-hfj8 was published for xmas-elf (Rust) Mar 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database