GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

5 advisories

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS (severity: High)
CVE-2025-59837 was published for astro (npm) Oct 28, 2025
Credited to everping and GeneralZero
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass) (severity: High)
CVE-2026-44334 was published for praisonai (pip) May 6, 2026
Credited to everping
Caddy CVE-2026-30852 Fix Bypass (severity: Moderate)
GHSA-wwhq-w58m-w29c was published for github.com/caddyserver/caddy/v2 (Go) May 19, 2026
Credited to everping
PHPSpreadsheet has a patch bypass for CVE-2026-34084 (severity: Critical)
CVE-2026-45034 was published for phpoffice/phpspreadsheet (Composer) Jun 8, 2026
Credited to everping
OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth (severity: High)
CVE-2026-47701 was published for github.com/open-telemetry/opentelemetry-operator (Go) Jun 10, 2026
Credited to everping, arminru, jaronoff97, and swiatekm