
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,256 advisories

Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients Moderate
CVE-2026-41585 was published for zebra-rpc (Rust) Apr 18, 2026
Credited to upbqdn, mpguerra, and conradoplg
Zebra has rk Identity Point Panic in Transaction Verification Critical
CVE-2026-41584 was published for zebra-chain (Rust) Apr 18, 2026
Credited to conradoplg and mpguerra
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling Critical
CVE-2026-41583 was published for zebra-script (Rust) Apr 18, 2026
Credited to conradoplg, mpguerra, and sangsoo-osec
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
Credited to tomato42 and lukas-braune
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 High
CVE-2026-41676 was published for openssl (Rust) Apr 22, 2026
rust-openssl has incorrect bounds assertion in aes key wrap High
CVE-2026-41678 was published for openssl (Rust) Apr 22, 2026
rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check High
CVE-2026-41681 was published for openssl (Rust) Apr 22, 2026
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer High
CVE-2026-41898 was published for openssl (Rust) Apr 22, 2026
Brillig: Heap corruption in foreign call results with nested tuple arrays Critical
CVE-2026-41197 was published for brillig (Rust) Apr 21, 2026
Credited to kodareef5
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge Moderate
CVE-2026-34068 was published for nimiq-transaction (Rust) Apr 22, 2026
Credited to 1seal and paberr
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
Credited to 1seal and paberr
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
Credited to 1seal and ii-cruz
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
Credited to 1seal and paberr
nimiq-account: Vesting insufficient funds error can panic Moderate
CVE-2026-34064 was published for nimiq-account (Rust) Apr 22, 2026
Credited to 1seal and paberr
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
Credited to 1seal
Zebra: addr/addrv2 Deserialization Resource Exhaustion Moderate
CVE-2026-40881 was published for zebra-network (Rust) Apr 18, 2026
Credited to Zk-nd3r, conradoplg, and mpguerra
Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks High
CVE-2026-40880 was published for zebra-consensus (Rust) Apr 18, 2026
Credited to sangsoo-osec, conradoplg, and mpguerra
thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics High
CVE-2026-6654 was published for thin-vec (Rust) Apr 15, 2026
Credited to cloudchatsonny-stack
Read buffer overruns processing ASN.1 strings High
CVE-2021-3712 was published for openssl-src (Rust) May 24, 2022
Credited to another-rex
Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding Moderate
CVE-2026-34941 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and deian
Wasmtime: Panic when transcoding misaligned utf-16 strings Moderate
CVE-2026-34942 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
Wasmtime has a possible panic when lifting `flags` component value Moderate
CVE-2026-34943 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 Moderate
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
Credited to shumbo and alexcrichton