GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
152 advisories
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage...
Moderate, Unreviewed. CVE-2026-53867 was published Jun 13, 2026
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged...
Moderate, Unreviewed. CVE-2026-0427 was published May 15, 2026
Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user...
Critical, Unreviewed. CVE-2026-34263 was published May 12, 2026
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup...
Moderate, Unreviewed. CVE-2026-43395 was published May 8, 2026
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain...
High, Unreviewed. CVE-2025-66467 was published May 8, 2026
nesquena hermes-webui contains an environment variable leakage vulnerability where profile...
Moderate, Unreviewed. CVE-2026-6830 was published Apr 22, 2026
Multer vulnerable to Denial of Service via incomplete cleanup
High. CVE-2026-3304 was published for multer (npm) Mar 1, 2026
Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse
Critical. CVE-2026-28268 was published for code.vikunja.io/api (Go) Feb 28, 2026
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on...
Low, Unreviewed. CVE-2026-28196 was published Feb 25, 2026
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map
Moderate. CVE-2026-21438 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Moderate, Unreviewed. CVE-2025-15331 was published Feb 5, 2026
Apache Struts has a Denial of Service vulnerability
High. CVE-2025-66675 was published for org.apache.struts:struts2-core (Maven) Dec 10, 2025
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Moderate. GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) Dec 9, 2025
Apache Struts is Vulnerable to DoS via File Leak
High. CVE-2025-64775 was published for org.apache.struts:struts2-core (Maven) Dec 1, 2025
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest...
Moderate, Unreviewed. CVE-2025-29934 was published Nov 21, 2025
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
High, Unreviewed. CVE-2025-60730 was published Oct 24, 2025
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which...
Critical, Unreviewed. CVE-2025-6338 was published Oct 16, 2025
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS...
High, Unreviewed. CVE-2025-59781 was published Oct 15, 2025
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series...
Moderate, Unreviewed. CVE-2025-20293 was published Sep 24, 2025
CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.
Moderate, Unreviewed. CVE-2025-55910 was published Sep 22, 2025
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local...
High, Unreviewed. CVE-2025-0032 was published Sep 6, 2025
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade...
Low, Unreviewed. CVE-2024-21977 was published Sep 5, 2025
Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute...
High, Unreviewed. CVE-2025-43711 was published Jul 5, 2025
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make...
Moderate, Unreviewed. CVE-2025-38177 was published Jul 4, 2025
An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before &...
Low, Unreviewed. CVE-2023-29184 was published Jun 10, 2025
ProTip! Advisories are also available from the GraphQL API.