GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,716
Erlang
35
GitHub Actions
29
Go
2,304
Maven
5,000+
npm
3,946
NuGet
711
pip
3,719
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
964 advisories
Filter by severity
SCSIR has a Potential Unsound Issue in WriteSameCommand
Low
CVE-2025-48756
was published
for
scsir
(Rust)
May 24, 2025
Process Sync has a Potential Unsound Issue in SharedMutex
Low
CVE-2025-48752
was published
for
process-sync
(Rust)
May 24, 2025
process_lock has a Potential Unsound issue in unlock
Low
CVE-2025-48751
was published
for
process_lock
(Rust)
May 24, 2025
Use after free in actix-service
Moderate
CVE-2020-35899
was published
for
actix-service
(Rust)
Aug 25, 2021
Use-after-free in actix-codec
Critical
CVE-2020-35902
was published
for
actix-codec
(Rust)
Aug 25, 2021
Use after free in actix-utils
Critical
CVE-2020-35898
was published
for
actix-utils
(Rust)
Aug 25, 2021
Pingora Request Smuggling and Cache Poisoning
High
CVE-2025-4366
was published
for
pingora-core
(Rust)
May 22, 2025
TunnelVision - decloaking VPNs using DHCP
Moderate
GHSA-hqmp-g7ph-x543
was published
for
quincy
(Rust)
Dec 27, 2024
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Low
GHSA-66fw-43h8-f8p3
was published
for
xmp_toolkit
(Rust)
Jul 26, 2024
crossbeam-channel Vulnerable to Double Free on Drop
Moderate
CVE-2025-4574
was published
for
crossbeam-channel
(Rust)
Apr 10, 2025
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop
Moderate
GHSA-w443-5h3j-jqcp
was published
for
crossbeam-channel
(Rust)
May 14, 2025
•
withdrawn
macroquad vulnerable to multiple soundness issues
High
GHSA-gg76-hg3v-5q6c
was published
for
macroquad
(Rust)
May 15, 2025
Missing connection timeout in Aardvark-dns
High
CVE-2024-8418
was published
for
aardvark-dns
(Rust)
Sep 4, 2024
libwebp: OOB write in BuildHuffmanTable
High
CVE-2023-4863
was published
for
Pillow
(Go)
Sep 12, 2023
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Low
CVE-2025-46718
was published
for
sudo-rs
(Rust)
May 13, 2025
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
Low
CVE-2025-46717
was published
for
sudo-rs
(Rust)
May 13, 2025
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
ring has some AES functions that may panic when overflow checking is enabled in
Moderate
CVE-2025-4432
was published
for
ring
(Rust)
May 9, 2025
trailer mishandles allocating with a size of zero
Low
CVE-2025-47737
was published
for
trailer
(Rust)
May 9, 2025
libsql-sqlite3-parser crash due to invalid UTF-8 input
Low
CVE-2025-47736
was published
for
libsql-sqlite3-parser
(Rust)
May 9, 2025
fast_id_map has a soundness issue and is unmaintained
Moderate
GHSA-4h96-mv53-2c86
was published
for
fast_id_map
(Rust)
May 8, 2025
scanner has a Public API without sufficient bounds checking
Low
GHSA-79m9-55jc-p6mw
was published
for
scanner
(Rust)
May 7, 2025
ProTip!
Advisories are also available from the
GraphQL API