GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Credited to benhylak
Duplicate Advisory: OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability Moderate
GHSA-fjm8-mgc9-mf65 was published for openclaw (npm) Apr 24, 2026 withdrawn
Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients Moderate
GHSA-r7p2-r9g4-4xph was published for openclaw (npm) Apr 24, 2026 withdrawn
n8n has Arbitrary File Read via Python Code Node Sandbox Escape High
CVE-2026-27494 was published for n8n (npm) Feb 25, 2026
Credited to MarcoPoloPie and Nico-Posada
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components Moderate
GHSA-c6m7-q6pr-c64r was published for @vitejs/plugin-rsc (npm) Dec 12, 2025
Next Server Actions Source Code Exposure Moderate
GHSA-w37m-7fhw-fmv9 was published for next (npm) Dec 11, 2025
Source Code Exposure Vulnerability in React Server Components Moderate
CVE-2025-55183 was published for react-server-dom-parcel (npm) Dec 11, 2025
Parse Server exposes the data schema via GraphQL API Moderate
CVE-2025-53364 was published for parse-server (npm) Jul 10, 2025
Credited to mtrezza and Moumouls
ses's global contour bindings leak into Compartment lexical scope High
CVE-2025-32792 was published for ses (npm) Apr 18, 2025
Credited to mingijunggrape, michaelfig, mhofman, and kriskowal
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins Moderate
CVE-2025-2598 was published for aws-cdk (npm) Mar 21, 2025