Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,518
Maven
5,000+
npm
5,000+
NuGet
911
pip
4,758
Pub
13
RubyGems
1,036
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint Moderate
CVE-2026-32269 was published for parse-server (npm) Mar 13, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction Moderate
CVE-2026-24846 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026
1seal Credited to 1seal, egibs, antitree, stevebeattie, and eslerm egibs egibs
antitree antitree stevebeattie stevebeattie eslerm eslerm
Flask uses fallback key instead of current signing key Low
CVE-2025-47278 was published for flask (pip) May 13, 2025
jayaddison Credited to jayaddison and Brax94 Brax94 Brax94
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the... Moderate Unreviewed
CVE-2023-5352 was published Nov 6, 2023
Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls High
CVE-2023-32059 was published for vyper (pip) May 12, 2023
ptrcarta Credited to ptrcarta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database