GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
495 advisories
Lemmy has SSRF in /api/v3/post via Webmention dispatch
Moderate | CVE-2026-42180 was published for lemmy_api_common (Rust) | Apr 24, 2026

Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
Moderate | CVE-2026-46671 was published for onenote_parser (Rust) | May 21, 2026

nimiq-blockchain: Genesis batch set request
Moderate | CVE-2026-46543 was published for nimiq-blockchain (Rust) | May 21, 2026

nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Moderate | CVE-2026-46542 was published for nimiq-keys (Rust) | May 21, 2026

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Moderate | CVE-2026-46539 was published for nimiq-primitives (Rust) | May 21, 2026

Zebra: addr/addrv2 Deserialization Resource Exhaustion
Moderate | CVE-2026-40881 was published for zebra-network (Rust) | Apr 18, 2026

RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
Moderate | CVE-2026-45792 was published for rtk (Rust) | May 20, 2026

Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Moderate | GHSA-pfr9-2p92-qrhq was published for dbn (Rust) | Oct 9, 2024

rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
Moderate | CVE-2026-45784 was published for openssl (Rust) | May 19, 2026

Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Moderate | GHSA-m9p2-fxp5-v3fp was published for diesel (Rust) | May 19, 2026

Diesel: Possible unaligned data access for implementations of `SqliteAggregate`
Moderate | GHSA-q8x8-jrhj-fh9p was published for diesel (Rust) | May 19, 2026

tar-rs incorrectly ignores PAX size headers if header size is nonzero
Moderate | CVE-2026-33055 was published for tar (Rust) | Mar 20, 2026

rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
Moderate | CVE-2026-44662 was published for openssl (Rust) | May 7, 2026

rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution
Moderate | GHSA-vfvv-c25p-m7mm was published for rkyv (Rust) | May 15, 2026

wasmtime has a panic when allocating a table exceeding the size of the host's address space
Moderate | CVE-2026-44216 was published for wasmtime (Rust) | May 7, 2026

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate | CVE-2023-48795 was published for golang.org/x/crypto (Go) | Dec 18, 2023

Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
Moderate | CVE-2026-42199 was published for grid (Rust) | Apr 24, 2026

Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image
Moderate | CVE-2026-42181 was published for lemmy_api_common (Rust) | Apr 24, 2026

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
Moderate | CVE-2026-44500 was published for zebra-chain (Rust) | May 7, 2026

Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients
Moderate | CVE-2026-41585 was published for zebra-rpc (Rust) | Apr 18, 2026

oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Moderate | GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) | May 11, 2026

Steamworks game clients/servers using P2P authentication vulnerable to denial of service
Moderate | GHSA-g588-cjg3-6g78 was published for steamworks (Rust) | May 11, 2026

Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
Moderate | CVE-2026-43868 was published for thrift (Rust) | May 5, 2026

Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Moderate | GHSA-qxrw-f6fh-34r7 was published for lemmy_api (Rust) | May 6, 2026

Lemmy may expose private community data through community, saved, liked, and modlog API views
Moderate | GHSA-95q8-x6r6-672m was published for lemmy_api (Rust) | May 6, 2026

ProTip! Advisories are also available from the GraphQL API.