Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

166 advisories

Loading
diesel-async may expose uninitialized padding bytes for MySQL temporal columns Low
GHSA-ff9q-rm55-q7qr was published for diesel-async (Rust) May 7, 2026
paolobarbolini Credited to paolobarbolini
Kanidm has non-constant-time comparison of OAuth2 client_secret Low
GHSA-53hj-r94p-8c8f was published for kanidm (Rust) May 6, 2026
mbarbero Credited to mbarbero
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed Low
GHSA-22w3-693w-x895 was published for webauthn-authenticator-rs (Rust) May 6, 2026
dorakemon Credited to dorakemon
rpassword affected by partial password reveal when input is interrupted Low
GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) May 6, 2026
DevLaTron Credited to DevLaTron and squell squell squell
astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks Low
GHSA-xx64-wwv2-hcqq was published for astral-tokio-tar (Rust) May 6, 2026
LawnGnome Credited to LawnGnome and woodruffw woodruffw woodruffw
sequoia-git has broken hard revocation handling Low
GHSA-g27r-r6ph-vf5r was published for sequoia-git (Rust) May 4, 2026
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length Low
CVE-2026-41677 was published for openssl (Rust) Apr 22, 2026
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
uutils coreutils has an Incorrect Provision of Specified Functionality Issue Low
CVE-2026-35379 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Input Validation Issue in its env Utility Low
CVE-2026-35377 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility Low
CVE-2026-35381 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils's User Interface (UI) Misrepresents Critical Information Low
CVE-2026-35371 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35373 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Handling of Unicode Encoding Issue Low
CVE-2026-35375 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Short Circuit Evaluation Issue Low
CVE-2026-35378 was published for coreutils (Rust) Apr 22, 2026
coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines Low
CVE-2026-35346 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
CVE-2026-35353 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition Low
CVE-2026-35362 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Preservation of Permissions issue Low
CVE-2026-35361 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Incorrect Permission Assignment for Critical Resource Low
CVE-2026-35367 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Unchecked Return Value Issue Low
CVE-2026-35344 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation Low
CVE-2026-35343 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable Low
CVE-2026-35342 was published for coreutils (Rust) Apr 22, 2026
Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths Low
GHSA-3g92-f9ch-qjcm was published for p3-symmetric (Rust) Apr 16, 2026
webpki: Name constraints were accepted for certificates asserting a wildcard name Low
GHSA-xgp8-3hg3-c2mh was published for rustls-webpki (Rust) Apr 16, 2026
1seal Credited to 1seal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database