Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

531 advisories

Loading
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice) High
CVE-2026-53530 was published for ratex-parser (Rust) Jul 7, 2026
nikkoenggaliano Credited to nikkoenggaliano
mkfifo: permissions of an existing file are changed after FIFO creation fails High
CVE-2026-35341 was published for uu_mkfifo (Rust) Jul 6, 2026
chmod: --preserve-root bypassed by any path that resolves to root (e.g. /../) High
CVE-2026-35338 was published for uu_chmod (Rust) Jul 6, 2026
jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow High
CVE-2026-52834 was published for jxl-grid (Rust) Jul 2, 2026
Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update High
CVE-2026-52829 was published for zebra-network (Rust) Jul 2, 2026
Haxatron Credited to Haxatron, oxarbitrage, and mpguerra oxarbitrage oxarbitrage
mpguerra mpguerra
Zebra has block suppression via NU5 same-header body poisoning of sent-hash cache High
CVE-2026-52736 was published for zebra-state (Rust) Jul 2, 2026
ipwning Credited to ipwning, x15-eth, upbqdn, conradoplg, and mpguerra x15-eth x15-eth
upbqdn upbqdn conradoplg conradoplg mpguerra mpguerra
SurrealDB has unauthenticated remote DoS via malformed RPC `use` call High
GHSA-wjjj-24cx-f28g was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has Denial of Service in JSON parser due to nested objects High
GHSA-q729-696q-g9pq was published for surrealdb (Rust) Jul 1, 2026
DarkaMaul Credited to DarkaMaul
SurrealDB: HTTP RPC Session Race Condition Allows Privilege Escalation High
GHSA-4vgr-h27g-cf9p was published for surrealdb (Rust) Jul 1, 2026
addcontent Credited to addcontent
addcontent Credited to addcontent
miauzxw Credited to miauzxw
SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter High
GHSA-cc8f-fcx3-gpjr was published for surrealdb (Rust) Jun 19, 2026
kah-ja Credited to kah-ja
Deno: Miller-Rabin Primality Test Allows Zero Rounds High
CVE-2026-49440 was published for deno (Rust) Jun 16, 2026
HaoPham23 Credited to HaoPham23
Deno: Command Injection via spawnSync & spawn on Windows High
CVE-2026-49402 was published for deno (Rust) Jun 16, 2026
kejcao Credited to kejcao
PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators High
GHSA-36hh-v3qg-5jq4 was published for pyo3 (Rust) Jun 12, 2026
mjc Credited to mjc
Routinator crashes when sending a maliciously crafted select-asn query parameter High
CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026
Routinator has cache path traversal when processing the module component of rsync URIs High
CVE-2026-49233 was published for routinator (Rust) Jun 8, 2026
Routinator crashes when encountering maliciously crafted RRDP XML files High
CVE-2026-49235 was published for routinator (Rust) Jun 8, 2026
skillctl: Path traversal and symlink-follow in skillctl allow arbitrary file disclosure and deletion High
GHSA-wx3m-whqv-xv47 was published for skillctl (Rust) Jun 5, 2026
wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction High
CVE-2026-47261 was published for wasmtime-wasi (Rust) Jun 5, 2026
shumbo Credited to shumbo
mjc Credited to mjc
Deno's TLS retry copies stale upgrade hook, risking plaintext traffic High
CVE-2026-44726 was published for deno (Rust) May 27, 2026
r3wretrhy Credited to r3wretrhy
ProTip! Advisories are also available from the GraphQL API