Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others Low
CVE-2025-46718 was published for sudo-rs (Rust) May 13, 2025
zonia3000 squell
bjorn3
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders Low
CVE-2025-46717 was published for sudo-rs (Rust) May 13, 2025
squell rnijveld
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
rnijveld
trailer mishandles allocating with a size of zero Low
CVE-2025-47737 was published for trailer (Rust) May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input Low
CVE-2025-47736 was published for libsql-sqlite3-parser (Rust) May 9, 2025
wgp race condition in inner::drop Low
CVE-2025-47735 was published for wgp (Rust) May 9, 2025
scanner has a Public API without sufficient bounds checking Low
GHSA-79m9-55jc-p6mw was published for scanner (Rust) May 7, 2025
Redox UEFI Safe API can cause heap-buffer-overflow Low
GHSA-58xc-hpvq-8473 was published for redox_uefi_std (Rust) May 6, 2025
obfstr Type Confusion vulnerability Low
CVE-2024-58253 was published for obfstr (Rust) May 2, 2025
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment Low
CVE-2024-30266 was published for wasmtime (Rust) Apr 2, 2024
ShinWonho
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations Low
CVE-2024-47813 was published for wasmtime (Rust) Oct 9, 2024
fitzgen alexcrichton
Wasmtime doesn't fully sandbox all the Windows device filenames Low
CVE-2024-51745 was published for wasmtime (Rust) Nov 5, 2024
nathaniel-daniel
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 Low
CVE-2023-41880 was published for wasmtime (Rust) Sep 14, 2023
afonso360
Undefined Behavior in Rust runtime functions Low
CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
guidovranken alexcrichton
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64 Low
CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
afonso360
wasmtime_trap_code C API function has out of bounds write vulnerability Low
CVE-2022-39394 was published for wasmtime (Rust) Feb 1, 2024
kpreisser
SurrealDB no JavaScript script function default timeout could facilitate DoS Low
GHSA-3824-qmfq-2qv7 was published for surrealdb (Rust) Apr 11, 2025
cure53
SurrealDB has local file read of 2-column TSV files via analyzers Low
GHSA-2cvj-g5r5-jrrg was published for surrealdb (Rust) Apr 10, 2025
cure53
Tokio broadcast channel calls clone in parallel, but does not require `Sync` Low
GHSA-rr8g-9fpq-6wmg was published for tokio (Rust) Apr 7, 2025
tough cyclic delegation graphs are not detected Low
GHSA-j8x2-777p-23fc was published for tough (Rust) Mar 28, 2025
jku AdamKorcz
PyO3 Risk of buffer overflow in `PyString::from_object` Low
GHSA-pph8-gcv7-4qj5 was published for pyo3 (Rust) Apr 2, 2025
array-init-cursor is unsound when used with types that implement `Drop` Low
GHSA-67r5-rqwv-9p9q was published for array-init-cursor (Rust) Mar 31, 2025
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods Low
CVE-2025-27512 was published for zincati (Rust) Mar 17, 2025
jlebon
Fyrox has unsound usages of `Vec::from_raw_parts` Low
GHSA-h7h7-6mx3-r89v was published for fyrox-core (Rust) Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database