Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

160,669 advisories

Loading
Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint Moderate
CVE-2026-46371 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint Moderate
CVE-2026-46370 was published for github.com/fleetdm/fleet/v4 (Go) Jun 12, 2026
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization Moderate
CVE-2026-44311 was published for fabric (npm) Jun 12, 2026
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression Moderate
CVE-2026-44981 was published for github.com/crowdsecurity/crowdsec (Go) May 27, 2026
davide-s-rosa Credited to davide-s-rosa and lorraine2 lorraine2 lorraine2
PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures Moderate
GHSA-chgr-c6px-7xpp was published for pyo3 (Rust) Jun 12, 2026
TYPO3 CMS has Broken Access Control in the Recycler Module Moderate
CVE-2026-47349 was published for typo3/cms-core (Composer) Jun 12, 2026
TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities Moderate
CVE-2026-47347 was published for typo3/cms-core (Composer) Jun 12, 2026
TYPO3 HTML Sanitizer allows Cross-site Scripting Moderate
CVE-2026-47345 was published for typo3/html-sanitizer (Composer) Jun 12, 2026
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1, mpihelgas, and aruneko mpihelgas mpihelgas
aruneko aruneko
Apache Tomcat Incomplete Cleanup vulnerability Moderate
CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1, mpihelgas, and aruneko mpihelgas mpihelgas
aruneko aruneko
Apache Tomcat - Client certificate verification bypass Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Jenson3210 Credited to Jenson3210 and yusuke-koyoshi yusuke-koyoshi yusuke-koyoshi
TYPO3 CMS has Broken Access Control in its DataHandler Moderate
CVE-2026-47350 was published for typo3/cms-core (Composer) Jun 12, 2026
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion Moderate
CVE-2026-48043 was published for io.netty:netty-codec-http2 (Maven) Jun 11, 2026
IPAM controller service account granted unnecessary full access to Secrets Moderate
CVE-2026-47190 was published for github.com/metal3-io/ip-address-manager (Go) May 29, 2026
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race Moderate
CVE-2026-46690 was published for unbounded-spsc (Rust) May 29, 2026
berkant-koc Credited to berkant-koc
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced Moderate
CVE-2026-47244 was published for io.netty:netty-codec-http2 (Maven) Jun 8, 2026
chrisvest Credited to chrisvest
NodeVM observability builtins leak host process and HTTP request data Moderate
CVE-2026-47141 was published for vm2 (npm) May 29, 2026
spbavarva Credited to spbavarva
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port Moderate
CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
Netty: Unix-socket fd receive leaks descriptors when peer sends two at once Moderate
CVE-2026-45536 was published for io.netty:netty-transport-native-epoll (Maven) Jun 8, 2026
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` Moderate
CVE-2026-47200 was published for @nuxt/nitro-server (npm) May 29, 2026
rmtsixq Credited to rmtsixq
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) Moderate
CVE-2026-45670 was published for @nuxt/rspack-builder (npm) May 19, 2026
sapphi-red Credited to sapphi-red
Nuxt: Reflected XSS in `navigateTo()` external redirect Moderate
CVE-2026-45669 was published for nuxt (npm) May 19, 2026
Mr-In4inci3le Credited to Mr-In4inci3le
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas Moderate
CVE-2026-48038 was published for joi (npm) Jun 11, 2026
kexwin Credited to kexwin
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service Moderate
CVE-2026-45802 was published for setasign/fpdi (Composer) May 19, 2026
esnard Credited to esnard
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration Moderate
CVE-2026-47250 was published for mcp-server-kubernetes (npm) Jun 5, 2026
yotampe-pluto Credited to yotampe-pluto
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database