Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

480 advisories

Loading
rpassword affected by partial password reveal when input is interrupted Low
GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) May 6, 2026
DevLaTron Credited to DevLaTron and squell squell squell
Granian vulnerable to DoS via WSGI response header panic Moderate
CVE-2026-42545 was published for granian (pip) May 6, 2026
Z-Bra0 Credited to Z-Bra0
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
justhtml includes multiple security fixes Moderate
GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026
EmilStenstrom Credited to EmilStenstrom
Concurrent execution using shared resource with improper synchronization ('race condition') in ... High Unreviewed
CVE-2026-23666 was published Apr 14, 2026
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service Moderate
CVE-2026-40074 was published for @sveltejs/kit (npm) Apr 10, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what... High Unreviewed
CVE-2023-4537 was published Feb 15, 2024
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle... Moderate Unreviewed
CVE-2008-4302 was published May 2, 2022
In apusys, there is a possible memory corruption due to incorrect error handling. This could lead... High Unreviewed
CVE-2021-0668 was published Nov 19, 2021
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation... High Unreviewed
CVE-2026-28542 was published Mar 5, 2026
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future Moderate
CVE-2026-27195 was published for wasmtime (Rust) Feb 24, 2026
dicej Credited to dicej
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed High
CVE-2026-27586 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
moscowchill Credited to moscowchill
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama-index-core (pip) Mar 20, 2025
fossilet Credited to fossilet
Cube Core is vulnerable to Denial of Service (DoS) via crafted request Moderate
CVE-2026-25957 was published for @cubejs-backend/server-core (npm) Feb 10, 2026
ovr Credited to ovr
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1... Moderate Unreviewed
CVE-2026-23762 was published Jan 22, 2026
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper... High Unreviewed
CVE-2026-0203 was published Jan 15, 2026
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE... High Unreviewed
CVE-2026-21906 was published Jan 15, 2026
RustFS gRPC GetMetrics deserialization panic enables remote DoS Moderate
CVE-2025-69255 was published for rustfs (Rust) Jan 7, 2026
max-r-b Credited to max-r-b and enitmar enitmar enitmar
matrix-sdk-base denial of service via custom m.room.join_rules event values Low
CVE-2025-66622 was published for matrix-sdk-base (Rust) Dec 8, 2025
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be... High Unreviewed
CVE-2019-11694 was published May 24, 2022
quic-go: Panic occurs when queuing undecryptable packets after handshake completion High
CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) Oct 10, 2025
rsukhodolskyi Credited to rsukhodolskyi
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the... Moderate Unreviewed
CVE-2025-27465 was published Jul 16, 2025
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-23121 was published Mar 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database