
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

441 advisories

nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
Credited to 1seal and ii-cruz
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge Moderate
CVE-2026-34068 was published for nimiq-transaction (Rust) Apr 22, 2026
Credited to 1seal and paberr
nimiq-account: Vesting insufficient funds error can panic Moderate
CVE-2026-34064 was published for nimiq-account (Rust) Apr 22, 2026
Credited to 1seal and paberr
actix-http has HTTP/1.1 CL.TE Request Smuggling Moderate
GHSA-xhj4-vrgc-hr34 was published for actix-http (Rust) Apr 22, 2026
Credited to mufeedvh
Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients Moderate
GHSA-29x4-r6jv-ff4w was published for zebra-rpc (Rust) Apr 18, 2026
Credited to upbqdn, mpguerra, and conradoplg
Zebra: addr/addrv2 Deserialization Resource Exhaustion Moderate
CVE-2026-40881 was published for zebra-network (Rust) Apr 18, 2026
Credited to Zk-nd3r, conradoplg, and mpguerra
nimiq-consensus panics via RequestMacroChain micro-block locator Moderate
CVE-2026-34069 was published for nimiq-consensus (Rust) Apr 13, 2026
Credited to jsdanielh and 1seal
Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend Moderate
CVE-2026-35186 was published for wasmtime (Rust) Apr 10, 2026
Credited to shumbo, bholley, and deian
Wasmtime has out-of-bounds write or crash when transcoding component model strings Moderate
CVE-2026-35195 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
Wasmtime has host panic when Winch compiler executes `table.fill` Moderate
CVE-2026-34946 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 Moderate
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton
Wasmtime has a possible panic when lifting `flags` component value Moderate
CVE-2026-34943 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
Wasmtime: Panic when transcoding misaligned utf-16 strings Moderate
CVE-2026-34942 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding Moderate
CVE-2026-34941 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and deian
Credited to thesmartshadow
netavark has incorrect error handling for malformed tcp packets Moderate
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
Credited to dkane01
DynFuture Drop Can Construct a Dangling Reference Moderate
GHSA-j3w3-p6mr-3hrh was published for dyn-future (Rust) Apr 4, 2026
Apollo Router Core: Browser Bug Enables Bypass of XS-Search Prevention via Read-Only Cross-Site Request Forgery Moderate
GHSA-hff2-gcpx-8f4p was published for apollo-router (Rust) Mar 26, 2026
Credited to AmirMSafari
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() Moderate
CVE-2026-33693 was published for activitypub_federation (Rust) Mar 25, 2026
Credited to SnailSploit
webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic Moderate
GHSA-pwjx-qhcg-rvj4 was published for rustls-webpki (Rust) Mar 20, 2026
Credited to 1seal, ctz, and crowlandsimms
tar-rs `unpack_in` can chmod arbitrary directories by following symlinks Moderate
CVE-2026-33056 was published for tar (Rust) Mar 20, 2026
Credited to xokdvium
tar-rs incorrectly ignores PAX size headers if header size is nonzero Moderate
CVE-2026-33055 was published for tar (Rust) Mar 20, 2026
Credited to xokdvium and woodruffw
astral-tokio-tar insufficiently validates PAX extensions during extraction Moderate
CVE-2026-32766 was published for astral-tokio-tar (Rust) Mar 17, 2026
Credited to woodruffw and xokdvium
rs-soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction Moderate
CVE-2026-32322 was published for soroban-sdk (Rust) Mar 13, 2026
Credited to leighmcculloch
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation Moderate
GHSA-4cm8-xpfv-jv6f was published for zeptoclaw (Rust) Mar 12, 2026
Credited to zpbrent