GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
211 advisories
Filter by severity
`exploration` was removed from crates.io for malicious code
Critical
GHSA-99j7-fhr2-xfj4
was published
for
exploration
(Rust)
Jul 10, 2026
Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
Critical
CVE-2026-54496
was published
for
halo2_gadgets
(Rust)
Jul 6, 2026
zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser
Critical
CVE-2026-52735
was published
for
zebra-script
(Rust)
Jul 2, 2026
BoxLite: Permission Bypass Allows Modification of Read-Only Files
Critical
CVE-2026-46695
was published
for
@boxlite-ai/boxlite
(Go)
May 21, 2026
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
Critical
CVE-2026-46703
was published
for
@boxlite-ai/boxlite
(Go)
May 21, 2026
Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
Critical
CVE-2026-33646
was published
for
mise
(Rust)
Jun 22, 2026
Out-of-bounds Write in actix-web
Critical
CVE-2018-25024
was published
for
actix-web
(Rust)
Jan 6, 2022
Out-of-bounds Write in actix-web
Critical
CVE-2018-25025
was published
for
actix-web
(Rust)
Jan 6, 2022
Out-of-bounds Write in actix-web
Critical
CVE-2018-25026
was published
for
actix-web
(Rust)
Jan 6, 2022
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Critical
CVE-2026-45374
was published
for
deepseek-tui
(Rust)
May 14, 2026
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
Critical
CVE-2026-45311
was published
for
deepseek-tui
(npm)
May 14, 2026
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
Critical
GHSA-cwfq-rfcr-8hmp
was published
for
zebrad
(Rust)
May 7, 2026
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
Critical
CVE-2026-44497
was published
for
zebra-script
(Rust)
May 7, 2026
Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
Critical
CVE-2026-44498
was published
for
zebrad
(Rust)
May 7, 2026
Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
Critical
CVE-2026-41583
was published
for
zebra-script
(Rust)
Apr 18, 2026
Zebra has rk Identity Point Panic in Transaction Verification
Critical
CVE-2026-41584
was published
for
zebra-chain
(Rust)
Apr 18, 2026
Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output
Critical
GHSA-pvmv-cwg8-v6c8
was published
for
zebra-script
(Rust)
May 8, 2026
`mysten-metrics` was removed from crates.io for malicious code
Critical
GHSA-g38r-8gmr-ghrf
was published
for
mysten-metrics
(Rust)
May 4, 2026
`sui-execution-cut` was removed from crates.io for malicious code
Critical
GHSA-qprh-m6p3-hwxc
was published
for
sui-execution-cut
(Rust)
May 4, 2026
Brillig: Heap corruption in foreign call results with nested tuple arrays
Critical
CVE-2026-41197
was published
for
brillig
(Rust)
Apr 21, 2026
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
Critical
CVE-2026-33471
was published
for
nimiq-block
(Rust)
Apr 22, 2026
Wasmtime: Miscompiled guest heap access enables sandbox escape on aarch64 Cranelift
Critical
CVE-2026-34971
was published
for
wasmtime
(Rust)
Apr 9, 2026
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
Critical
CVE-2026-40093
was published
for
nimiq-blockchain
(Rust)
Apr 10, 2026
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
Critical
CVE-2026-34987
was published
for
wasmtime
(Rust)
Apr 10, 2026
Zebra node crash — V5 transaction hash panic (P2P reachable)
Critical
CVE-2026-34202
was published
for
zebra-chain
(Rust)
Mar 27, 2026
ProTip!
Advisories are also available from the
GraphQL API