GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,229 advisories

thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics (Severity: High)
GHSA-xphw-cqx3-667j was published for thin-vec (Rust) Apr 15, 2026

Rand is unsound with a custom logger using rand::rng() (Severity: Low)
GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026

SP1 V6 Recursion Circuit Row-Count Binding Gap (Severity: High)
CVE-2026-40323 was published for sp1_prover (Rust) Apr 14, 2026

nimiq-consensus panics via RequestMacroChain micro-block locator (Severity: Moderate)
CVE-2026-34069 was published for nimiq-consensus (Rust) Apr 13, 2026
Credited to jsdanielh and 1seal

nimiq-blockchain is missing a wall-clock upper bound on block timestamps (Severity: Critical)
CVE-2026-40093 was published for nimiq-blockchain (Rust) Apr 10, 2026

Wasmtime has improperly masked return value from `table.grow` with Winch compiler backend (Severity: Moderate)
CVE-2026-35186 was published for wasmtime (Rust) Apr 10, 2026
Credited to shumbo, bholley, and deian

Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access (Severity: Critical)
CVE-2026-34987 was published for wasmtime (Rust) Apr 10, 2026
Credited to shumbo, bholley, and deian

Wasmtime has out-of-bounds write or crash when transcoding component model strings (Severity: Moderate)
CVE-2026-35195 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton

Wasmtime has data leakage between pooling allocator instances (Severity: Low)
CVE-2026-34988 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton

Wasmtime has use-after-free bug after cloning `wasmtime::Linker` (Severity: Low)
CVE-2026-34983 was published for wasmtime (Rust) Apr 9, 2026
Credited to flavio

Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift (Severity: Critical)
CVE-2026-34971 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo, bholley, and deian

Wasmtime has host panic when Winch compiler executes `table.fill` (Severity: Moderate)
CVE-2026-34946 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton

Wasmtime has host data leakage with 64-bit tables and Winch (Severity: Low)
CVE-2026-34945 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton

Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 (Severity: Moderate)
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton

Wasmtime has a possible panic when lifting `flags` component value (Severity: Moderate)
CVE-2026-34943 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton

Wasmtime: Panic when transcoding misaligned utf-16 strings (Severity: Moderate)
CVE-2026-34942 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton

Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding (Severity: Moderate)
CVE-2026-34941 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and deian
Credited to thesmartshadow

Local settings bypass config trust checks (Severity: High)
CVE-2026-35533 was published for mise (Rust) Apr 7, 2026
Credited to kq5y

netavark has incorrect error handling for malformed tcp packets (Severity: Moderate)
CVE-2026-35406 was published for netavark (Rust) Apr 7, 2026
Credited to dkane01

libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion (Severity: High)
CVE-2026-35457 was published for libp2p-rendezvous (Rust) Apr 4, 2026
Credited to failuresmith

libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers (Severity: High)
CVE-2026-35405 was published for libp2p-rendezvous (Rust) Apr 4, 2026
Credited to SilentSobs

DynFuture Drop Can Construct a Dangling Reference (Severity: Moderate)
GHSA-j3w3-p6mr-3hrh was published for dyn-future (Rust) Apr 4, 2026

scaly: Multiple soundness issues in Rust safe APIs (Severity: High)
GHSA-2c6h-4899-wjxr was published for scaly (Rust) Apr 4, 2026

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions (Severity: High)
CVE-2026-34377 was published for zebra-consensus (Rust) Mar 30, 2026
Credited to conradoplg, mpguerra, and alchemydc