GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Moderate. CVE-2023-5548 was published for moodle/moodle (Composer), Nov 9, 2023
Symfony HTTP Foundation web cache poisoning
Moderate. CVE-2018-14773 was published for symfony/http-foundation (Composer), May 13, 2022
aiosmtpd STARTTLS unencrypted commands injection
Moderate. CVE-2024-34083 was published for aiosmtpd (pip), May 20, 2024
Django Vulnerable to Cache Poisoning
Critical. CVE-2014-1418 was published for Django (pip), May 17, 2022
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
High. GHSA-5xr6-xhww-33m4 was published for dawidd6/action-download-artifact (GitHub Actions), Nov 25, 2024
check-jsonschema default caching for remote schemas allows for cache confusion
Moderate. CVE-2024-53848 was published for check-jsonschema (pip), Dec 2, 2024
Nuxt allows DOS via cache poisoning with payload rendering response
High. CVE-2025-27415 was published for nuxt (npm), Mar 19, 2025
AsyncSSH Rogue Extension Negotiation
Moderate. CVE-2023-46445 was published for asyncssh (pip), Nov 9, 2023
OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders
Moderate. GHSA-rxmx-g7hr-8mx4 was published for openclaw (npm), Apr 7, 2026
OpenClaw has an Arbitrary Malicious Code Execution Vulnerability
High. CVE-2026-35641 was published for openclaw (npm), Mar 30, 2026
gitoxide: CommandForbiddenInModulesConfiguration Bypass in gix_submodule::File::update() Enables Arbitrary Command Execution via .gitmodules
High. GHSA-f26g-jm89-4g65 was published for gix (Rust), May 5, 2026
ProTip! Advisories are also available from the GraphQL API.