Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules High
GHSA-f26g-jm89-4g65 was published for gix (Rust) May 5, 2026
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized... High Unreviewed
CVE-2026-32162 was published Apr 14, 2026
OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders Moderate
GHSA-rxmx-g7hr-8mx4 was published for openclaw (npm) Apr 7, 2026
D0ub1e-D Credited to D0ub1e-D
OpenClaw has an Arbitrary Malicious Code Execution Vulnerability High
CVE-2026-35641 was published for openclaw (npm) Mar 30, 2026
ChangeYourWay Credited to ChangeYourWay
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport... High Unreviewed
CVE-2026-1642 was published Feb 4, 2026
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote... Moderate Unreviewed
CVE-2025-68269 was published Dec 16, 2025
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in... Low Unreviewed
CVE-2025-1680 was published Oct 23, 2025
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an... High Unreviewed
CVE-2025-40778 was published Oct 22, 2025
NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack... Moderate Unreviewed
CVE-2025-11411 was published Oct 22, 2025
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in... Moderate Unreviewed
CVE-2025-11703 was published Oct 18, 2025
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in... High Unreviewed
CVE-2025-5994 was published Jul 16, 2025
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be... High Unreviewed
CVE-2025-40776 was published Jul 16, 2025
Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an... Moderate Unreviewed
CVE-2025-48804 was published Jul 8, 2025
A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated,... Moderate Unreviewed
CVE-2025-20255 was published May 21, 2025
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized... High Unreviewed
CVE-2025-29842 was published May 13, 2025
Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a... High Unreviewed
CVE-2025-29816 was published Apr 8, 2025
Nuxt allows DOS via cache poisoning with payload rendering response High
CVE-2025-27415 was published for nuxt (npm) Mar 19, 2025
cold-try Credited to cold-try
check-jsonschema default caching for remote schemas allows for cache confusion Moderate
CVE-2024-53848 was published for check-jsonschema (pip) Dec 2, 2024
sethmlarson Credited to sethmlarson and sirosen sirosen sirosen
Artifact poisoning vulnerability in action-download-artifact v5 and earlier High
GHSA-5xr6-xhww-33m4 was published for dawidd6/action-download-artifact (GitHub Actions) Nov 25, 2024
woodruffw Credited to woodruffw
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via... Moderate Unreviewed
CVE-2024-52555 was published Nov 15, 2024
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack... Moderate Unreviewed
CVE-2024-27185 was published Aug 20, 2024
Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4... High Unreviewed
CVE-2024-41924 was published Jul 30, 2024
DNSJava DNSSEC Bypass High
CVE-2024-25638 was published for dnsjava:dnsjava (Maven) Jul 22, 2024
bellebaum Credited to bellebaum, schanzen, milux, and levpachmanov schanzen schanzen
milux milux levpachmanov levpachmanov
aiosmtpd STARTTLS unencrypted commands injection Moderate
CVE-2024-34083 was published for aiosmtpd (pip) May 20, 2024
Arusekk Credited to Arusekk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database