Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Zebra: addr/addrv2 Deserialization Resource Exhaustion Moderate
CVE-2026-40881 was published for zebra-network (Rust) Apr 18, 2026
Zk-nd3r Credited to Zk-nd3r and mpguerra mpguerra mpguerra
libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion High
CVE-2026-35457 was published for libp2p-rendezvous (Rust) Apr 4, 2026
failuresmith Credited to failuresmith
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers High
CVE-2026-35405 was published for libp2p-rendezvous (Rust) Apr 4, 2026
SilentSobs Credited to SilentSobs
Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing High
CVE-2026-33241 was published for salvo (Rust) Mar 19, 2026
yshing Credited to yshing
stellar-xdr's StringM::from_str bypasses max length validation Moderate
CVE-2026-29795 was published for stellar-xdr (Rust) Mar 5, 2026
leighmcculloch Credited to leighmcculloch
Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance Moderate
CVE-2026-27572 was published for wasmtime (Rust) Feb 24, 2026
alexcrichton Credited to alexcrichton
Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion Moderate
CVE-2026-27204 was published for wasmtime (Rust) Feb 24, 2026
mbund Credited to mbund, alexcrichton, and pchickey alexcrichton alexcrichton
pchickey pchickey
letmein connection limiter allows an arbitrary amount of simultaneous connections Moderate
CVE-2025-52570 was published for letmeind (Rust) Jun 23, 2025
Duplicate Advisory: ring has some AES functions that may panic when overflow checking is enabled in Moderate
GHSA-c86p-w88r-qvqr was published for ring (Rust) May 9, 2025 withdrawn
SurrealDB no JavaScript script function default timeout could facilitate DoS Low
GHSA-3824-qmfq-2qv7 was published for surrealdb (Rust) Apr 11, 2025
cure53 Credited to cure53
Apollo Compiler Named Fragment Processing Vulnerability High
CVE-2025-31496 was published for apollo-compiler (Rust) Apr 7, 2025
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing High
CVE-2025-32380 was published for apollo-router (Rust) Apr 7, 2025
yo-artyom Credited to yo-artyom
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion High
CVE-2025-32034 was published for apollo-router (Rust) Apr 7, 2025
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass High
CVE-2025-32032 was published for apollo-router (Rust) Apr 7, 2025
Web Push Denial of Service via malicious Web Push endpoint Moderate
GHSA-fc83-9jwq-gc2m was published for web-push (Rust) Mar 24, 2025
Crash due to uncontrolled recursion in protobuf crate Moderate
CVE-2025-53605 was published for protobuf (Rust) Mar 7, 2025
morningstarxcdcode Credited to morningstarxcdcode
Some AES functions may panic when overflow checking is enabled in ring Moderate
CVE-2025-4432 was published for ring (Rust) Mar 7, 2025
Namada-apps allows Excessive Computation in Mempool Validation Critical
GHSA-f8qm-hmm3-fv7f was published for namada-apps (Rust) Feb 20, 2025
feliam Credited to feliam
Namada-apps can Crash with Excessive Computation in Mempool Validation Critical
GHSA-82vg-5v4f-f9wq was published for namada-apps (Rust) Feb 20, 2025
feliam Credited to feliam
rPGP Potential Resource Exhaustion when handling Untrusted Messages High
CVE-2024-53857 was published for pgp (Rust) Dec 5, 2024
invd Credited to invd, hko-s, link2xt, and dignifiedquire hko-s hko-s
link2xt link2xt dignifiedquire dignifiedquire
zlib-rs stack overflow during decompression with malicious input Moderate
GHSA-j3px-q95c-9683 was published for libz-rs-sys (Rust) Nov 14, 2024
inahga Credited to inahga
async-graphql Directive Overload High
CVE-2024-47614 was published for async-graphql (Rust) Oct 3, 2024
MindPatch Credited to MindPatch
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies High
CVE-2024-43783 was published for apollo-router (Rust) Aug 27, 2024
Miniscript allows stack consumption Moderate
CVE-2024-44073 was published for miniscript (Rust) Aug 19, 2024
apoelstra Credited to apoelstra
Russh has an OOM Denial of Service due to allocation of untrusted amount High
CVE-2024-43410 was published for russh (Rust) Aug 14, 2024
Noratrieb Credited to Noratrieb and Eugeny Eugeny Eugeny
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database