Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,893
Erlang
38
GitHub Actions
38
Go
2,552
Maven
5,000+
npm
4,224
NuGet
746
pip
3,998
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,041 advisories

Loading
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events Low
GHSA-6fgx-x7m2-74qm was published for tracexec (Rust) Oct 13, 2025
kxxt
Credited to kxxt
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
cel-rust May Panic During Parsing of Invalid CEL Expressions High
CVE-2025-62162 was published for cel (Rust) Oct 11, 2025
howardjohn alexsnaps
Credited to howardjohn and alexsnaps
Deno is Vulnerable to Command Injection on Windows During Batch File Execution High
CVE-2025-61787 was published for deno (Rust) Oct 8, 2025
R4356th
Credited to R4356th
Deno's --deny-read check does not prevent permission bypass Low
CVE-2025-61786 was published for deno (Rust) Oct 8, 2025
dellalibera
Credited to dellalibera
FuelVM is vulnerable to heap memory allocation re-use bug High
GHSA-2pgj-5cv2-6xxw was published for fuel-vm (Rust) Oct 8, 2025
wrflib has a soundness issue and is unmaintained Low
GHSA-466c-pfvv-v83g was published for wrflib (Rust) Oct 3, 2025
NLnet Labs’ Routinator vulnerable to path traversal Critical
CVE-2023-39916 was published for routinator (Rust) Sep 13, 2023
MongoDB Rust driver may issue unintended commands Moderate
CVE-2024-6382 was published for mongodb (Rust) Jul 2, 2024
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` Critical
CVE-2025-61588 was published for risc0-aggregation (Rust) Oct 1, 2025
OpenMLS improper persistence of the secret tree during message processing Moderate
GHSA-qr9h-x63w-vqfm was published for openmls (Rust) Sep 26, 2025
erdoganege fatihergin
Credited to erdoganege and fatihergin
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Credited to kearfy
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
crossbeam-channel Vulnerable to Double Free on Drop Moderate
CVE-2025-4574 was published for crossbeam-channel (Rust) Apr 10, 2025
hoerup
Credited to hoerup
astral-tokio-tar has a path traversal in tar extraction Moderate
CVE-2025-59825 was published for astral-tokio-tar (Rust) Sep 23, 2025
calebbrown woodruffw
charliermarsh zanieb
Credited to calebbrown, woodruffw, charliermarsh, and zanieb
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal Low
GHSA-mm7x-qfjj-5g2c was published for ammonia (Rust) Sep 22, 2025
Pingora update for MadeYouReset HTTP/2 vulnerability High
GHSA-393w-9x6h-8gc7 was published for pingora-core (Rust) Sep 17, 2025
galbarnahum
Credited to galbarnahum
Tonic has remotely exploitable denial of service vulnerability Moderate
CVE-2024-47609 was published for tonic (Rust) Oct 1, 2024
jayvdb
Credited to jayvdb
FUSE-Rust: Uninitalized memory read and leak caused by fuser crate High
GHSA-cvmj-47v9-35m9 was published for fuser (Rust) Sep 15, 2025
serde_yml crate is unsound and unmaintained Moderate
GHSA-hhw4-xg65-fp2x was published for serde_yml (Rust) Sep 15, 2025
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained High
GHSA-gfxp-f68g-8x78 was published for libyml (Rust) Sep 15, 2025
fast-able is vulnerable to DoS attack through insecure method High
GHSA-95hm-pr6q-298w was published for fast-able (Rust) Sep 15, 2025
httpsig-rs: HMAC verification is vulnerable to timing attack Moderate
CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
rasendubi
Credited to rasendubi
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar
Credited to poljar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database