Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
Lechu69 Credited to Lechu69
id: groups= computed from real GID instead of effective GID Moderate
CVE-2026-35370 was published for uu_id (Rust) Jul 6, 2026
SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted Moderate
CVE-2026-49997 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Field-level SELECT permissions bypassed via indexed COUNT fast paths Moderate
GHSA-c8jx-96c9-8xrp was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: USE NS/DB implicit creation bypasses DEFINE authorization Moderate
GHSA-wp87-mgvq-5j93 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions Moderate
GHSA-6wqw-vhfr-9999 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has bypass of field-level SELECT permissions through JSON Patch `copy` and `move` with empty `from` Moderate
GHSA-fpxg-5xmv-922m was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has an Authorization Bypass via Composite Record-id Paths Moderate
GHSA-6vg3-hgrw-p5gf was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Graph traversal bypasses table SELECT permissions Moderate
GHSA-vjjx-rfw4-rmfc was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Scraping a TABLE with no available PERMISSIONS to current auth level Moderate
GHSA-98fx-66cf-fc7c was published for surrealdb (Rust) Jul 1, 2026
LucyEgan Credited to LucyEgan
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals Moderate
GHSA-hv6h-hc26-q48p was published for surrealdb (Rust) Jun 19, 2026
fallintoplace Credited to fallintoplace
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user` Moderate
CVE-2026-47128 was published for nono-cli (Rust) May 28, 2026
cgwalters Credited to cgwalters and NickCao NickCao NickCao
kodareef5 Credited to kodareef5
Duplicate Advisory: uutils coreutils has an Incorrect Authorization issue Moderate
GHSA-q94g-3gcf-66x7 was published for coreutils (Rust) Apr 22, 2026 withdrawn
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role High
CVE-2026-27803 was published for vaultwarden (Rust) Mar 4, 2026
odgrso Credited to odgrso
odgrso Credited to odgrso and BlackDex BlackDex BlackDex
RustFS: Missing Post Policy Validation leads to Arbitrary Object Write High
CVE-2026-27607 was published for rustfs (Rust) Feb 25, 2026
nikeee Credited to nikeee
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy Credited to kearfy
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
littledivy Credited to littledivy and 0f-0b 0f-0b 0f-0b
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
nayeemrmn Credited to nayeemrmn
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators High
GHSA-6jrf-4jv4-r9mw was published for tendermint-light-client-verifier (Rust) Apr 9, 2025
felix-asym Credited to felix-asym
jlebon Credited to jlebon
Vaultwarden vulnerable to user impersonation High
CVE-2024-55225 was published for vaultwarden (Rust) Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API