GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
341 advisories
Pleezer resource exhaustion through uncollected hook script processes
Moderate
CVE-2025-32439
was published
for
pleezer
(Rust)
Apr 14, 2025
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
Moderate
GHSA-5q9x-554g-9jgg
was published
for
surrealdb
(Rust)
Apr 11, 2025
SurrealDB vulnerable to memory exhaustion via nested functions and scripts
Moderate
GHSA-m7rc-8w7m-r9qr
was published
for
surrealdb
(Rust)
Apr 10, 2025
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use
Moderate
GHSA-wr2m-38xh-rpc9
was published
for
lemmy_server
(Rust)
Apr 8, 2025
Jujutsu does not have SHA-1 collision detection
Moderate
GHSA-794x-2rpg-rfgr
was published
for
jj-cli
(Rust)
Apr 7, 2025
gitoxide does not detect SHA-1 collision attacks
Moderate
CVE-2025-31130
was published
for
gitoxide
(Rust)
Apr 4, 2025
tough terminating targets role delegations are not respected
Moderate
CVE-2025-2886
was published
for
tough
(Rust)
Mar 28, 2025
tough root metadata version is not checked for sequential versioning
Moderate
CVE-2025-2885
was published
for
tough
(Rust)
Mar 28, 2025
tough timestamp metadata is cached when it fails snapshot rollback check
Moderate
CVE-2025-2888
was published
for
tough
(Rust)
Mar 28, 2025
tough failure to detect delegated target rollback
Moderate
CVE-2025-2887
was published
for
tough
(Rust)
Mar 28, 2025
Libcontainer is affected by capabilities elevation similar to GHSA-f3fp-gc8g-vw66
Moderate
CVE-2025-27612
was published
for
libcontainer
(Rust)
Mar 21, 2025
gurk (aka gurk-rs) mishandles ANSI escape sequences
Moderate
CVE-2025-30089
was published
for
gurk
(Rust)
Mar 17, 2025
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2025-27498
was published
for
ascon_aead
(Rust)
Mar 3, 2025
ntpd NTS client denial of service via wrongly sized cookies
Moderate
GHSA-v83q-83hj-rw38
was published
for
ntpd
(Rust)
Feb 28, 2025
ProTip!
Advisories are also available from the
GraphQL API