Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,818
Erlang
23
GitHub Actions
38
Go
2,203
Maven
2,576
npm
2,819
NuGet
487
pip
2,656
Pub
5
RubyGems
328
Rust
877
Swift
19
Unreviewed advisories
All unreviewed
5,000+

877 advisories

Loading
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 High
CVE-2026-41676 was published for openssl (Rust) Apr 22, 2026
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length Low
CVE-2026-41677 was published for openssl (Rust) Apr 22, 2026
rust-openssl has incorrect bounds assertion in aes key wrap High
CVE-2026-41678 was published for openssl (Rust) Apr 22, 2026
rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check High
CVE-2026-41681 was published for openssl (Rust) Apr 22, 2026
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer High
GHSA-hppc-g8h3-xhp3 was published for openssl (Rust) Apr 22, 2026
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks High
CVE-2026-40937 was published for rustfs (Rust) Apr 22, 2026
kodareef5 Credited to kodareef5
nimiq-blockchain: Peer-triggerable panic during history sync Moderate
CVE-2026-34066 was published for nimiq-blockchain (Rust) Apr 22, 2026
1seal Credited to 1seal and ii-cruz ii-cruz ii-cruz
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge Moderate
CVE-2026-34068 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch Low
CVE-2026-34067 was published for nimiq-transaction (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-account: Vesting insufficient funds error can panic Moderate
CVE-2026-34064 was published for nimiq-account (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation Critical
CVE-2026-33471 was published for nimiq-block (Rust) Apr 22, 2026
1seal Credited to 1seal
actix-http has HTTP/1.1 CL.TE Request Smuggling Moderate
GHSA-xhj4-vrgc-hr34 was published for actix-http (Rust) Apr 22, 2026
mufeedvh Credited to mufeedvh
Brillig: Heap corruption in foreign call results with nested tuple arrays Critical
CVE-2026-41197 was published for brillig (Rust) Apr 21, 2026
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling Critical
GHSA-8m29-fpq5-89jj was published for zebra-script (Rust) Apr 18, 2026
conradoplg Credited to conradoplg, mpguerra, and sangsoo-osec mpguerra mpguerra
sangsoo-osec sangsoo-osec
Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients Moderate
GHSA-29x4-r6jv-ff4w was published for zebra-rpc (Rust) Apr 18, 2026
upbqdn Credited to upbqdn, mpguerra, and conradoplg mpguerra mpguerra
conradoplg conradoplg
Zebra has rk Identity Point Panic in Transaction Verification Critical
GHSA-452v-w3gx-72wg was published for zebra-chain (Rust) Apr 18, 2026
mpguerra Credited to mpguerra
Zebra: addr/addrv2 Deserialization Resource Exhaustion Moderate
CVE-2026-40881 was published for zebra-network (Rust) Apr 18, 2026
Zk-nd3r Credited to Zk-nd3r and mpguerra mpguerra mpguerra
Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks High
CVE-2026-40880 was published for zebra-consensus (Rust) Apr 18, 2026
sangsoo-osec Credited to sangsoo-osec, conradoplg, and mpguerra conradoplg conradoplg
mpguerra mpguerra
Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths Low
GHSA-3g92-f9ch-qjcm was published for p3-symmetric (Rust) Apr 16, 2026
webpki: Name constraints were accepted for certificates asserting a wildcard name Low
GHSA-xgp8-3hg3-c2mh was published for rustls-webpki (Rust) Apr 16, 2026
1seal Credited to 1seal
webpki: Name constraints for URI names were incorrectly accepted Low
GHSA-965h-392x-2mh5 was published for rustls-webpki (Rust) Apr 16, 2026
1seal Credited to 1seal
thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics High
GHSA-xphw-cqx3-667j was published for thin-vec (Rust) Apr 15, 2026
cloudchatsonny-stack Credited to cloudchatsonny-stack
Rand is unsound with a custom logger using rand::rng() Low
GHSA-cq8v-f236-94qc was published for rand (Rust) Apr 14, 2026
simonhollingshead Credited to simonhollingshead, ShoyuVanilla, and nbagnard ShoyuVanilla ShoyuVanilla
nbagnard nbagnard
SP1 V6 Recursion Circuit Row-Count Binding Gap High
CVE-2026-40323 was published for sp1_prover (Rust) Apr 14, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database