Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
OpenClaw has ACP CLI approval prompt ANSI escape sequence injection Moderate
GHSA-4hmj-39m8-jwc7 was published for openclaw (npm) Mar 29, 2026
nexrin Credited to nexrin
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters High
GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) Mar 27, 2026
Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences High
CVE-2026-3108 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 26, 2026
An improper neutralization of escape, meta, or control sequences vulnerability has been reported... Moderate Unreviewed
CVE-2025-62845 was published Mar 20, 2026
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. High Unreviewed
CVE-2025-15311 was published Feb 5, 2026
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized... High Unreviewed
CVE-2026-21521 was published Jan 23, 2026
Mailpit has an SMTP Header Injection via Regex Bypass Moderate
CVE-2026-23829 was published for github.com/axllent/mailpit (Go) Jan 20, 2026
omarkurt Credited to omarkurt
badkeys vulnerable to ASCII control character injection on console via malformed input Low
CVE-2026-21439 was published for badkeys (pip) Jan 5, 2026
hannob Credited to hannob
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server... Moderate Unreviewed
CVE-2025-65082 was published Dec 5, 2025
Soft Serve does not sanitize ANSI escape sequences in user input Moderate
CVE-2025-64494 was published for github.com/charmbracelet/soft-serve (Go) Nov 6, 2025
Tomer-PL Credited to Tomer-PL and caarlos0 caarlos0 caarlos0
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko Credited to aruneko
Tracing logging user input may result in poisoning logs with ANSI escape sequences Low
CVE-2025-58160 was published for tracing-subscriber (Rust) Aug 29, 2025
zefr0x Credited to zefr0x
Active Record logging vulnerable to ANSI escape injection Moderate
CVE-2025-55193 was published for activerecord (RubyGems) Aug 13, 2025
th4s1s Credited to th4s1s
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier... High Unreviewed
CVE-2024-47252 was published Jul 10, 2025
Gardener allows metadata injection for a project secret which can lead to privilege escalation Critical
CVE-2025-47284 was published for github.com/gardener/gardener (Go) May 19, 2025
rfranzke Credited to rfranzke, donistz, timuthy, and JordanJordanov donistz donistz
timuthy timuthy JordanJordanov JordanJordanov
Apache Tomcat Rewrite rule bypass Low
CVE-2025-31651 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 28, 2025
amita-seal Credited to amita-seal and taxone taxone taxone
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv... Low Unreviewed
CVE-2024-58251 was published Apr 23, 2025
gurk (aka gurk-rs) mishandles ANSI escape sequences Moderate
CVE-2025-30089 was published for gurk (Rust) Mar 17, 2025
Malayke Credited to Malayke
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute... High Unreviewed
CVE-2025-0975 was published Feb 28, 2025
MongoDB Shell may be susceptible to control character injection via pasting Moderate
CVE-2025-1692 was published for mongosh (npm) Feb 27, 2025
MongoDB Shell may be susceptible to control character Injection via shell output Low
CVE-2025-1693 was published for mongosh (npm) Feb 27, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security Credited to xbow-security
Crayfish allows Remote Code Execution via Homarus Authorization header Critical
CVE-2025-25286 was published for islandora/crayfish (Composer) Jan 15, 2025
seth-shaw-asu Credited to seth-shaw-asu and adam-vessey adam-vessey adam-vessey
jte's HTML templates containing Javascript template strings are subject to XSS Moderate
CVE-2025-23026 was published for gg.jte:jte (Maven) Jan 13, 2025
Petersoj Credited to Petersoj
python-sql SQL injection vulnerability Moderate
CVE-2024-9774 was published for python-sql (pip) Dec 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database