GitHub Advisory Database now supports Rust
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
GitHub is on a mission to create a more secure supply chain for all developers and organizations. To do that, we need to empower all developer communities with a comprehensive vulnerability database.
That’s why we’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
The Rust addition expands our Advisory Database coverage to eight supported programming language ecosystems: Composer (PHP), Go, Maven, npm, NuGet, pip, RubyGems and Rust.
This coverage ensures that any member of the Rust community can check for security issues in the same place that their code resides: on GitHub. And it’s only the first step! Check out our public roadmap as we work toward Rust support for the dependency graph and Dependabot alerts.
Thank you, RustSec and Rust community!
As we worked to add the Rust ecosystem to the Advisory Database, we received a lot of support from RustSec and the Rust community.
We are immensely grateful to RustSec, an independent organization that collects, standardizes, and publishes security advisories related to Rust libraries. Its free public database is the starting point for our own Rust vulnerability dataset.
We plan to continue our collaboration with RustSec and the broader Rust community by making our own GitHub Security Advisory data available and easily consumable to further supplement theirs. Working together, we can do more to reduce the problem of vulnerability visibility than we could apart.
Advisories
GitHub’s Advisory Database is an open database of security advisories focused on high-quality, actionable vulnerability information for developers. It’s licensed under Creative Commons Attribution 4.0, so the data can be used anywhere.
So far, we’ve published 317 Rust Security Advisories, and this number will grow as we collect more data from the community. You can see current Rust advisories by selecting Rust on the left menu in the GitHub Advisory Database.
Learn more
Jump in and explore Rust advisories today, or learn more about our other supply chain security features as follows:
- The Advisory Database
- Security advisories
- Dependency graph
- Dependabot alerts
- Dependabot security updates
Tags:
Written by
Related posts
A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.