GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,828
Maven: 5,000+
npm: 5,000+
NuGet: 942
pip: 5,000+
Pub: 13
RubyGems: 1,060
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
30,233 advisories
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at...
Critical
Unreviewed
CVE-2019-14197
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an...
Critical
Unreviewed
CVE-2019-14193
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed...
Critical
Unreviewed
CVE-2019-14196
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed...
Critical
Unreviewed
CVE-2019-14198
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical
Unreviewed
CVE-2019-14200
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing...
Critical
Unreviewed
CVE-2019-14199
was published
May 24, 2022
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical
Unreviewed
CVE-2019-14202
was published
May 24, 2022
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation....
Critical
Unreviewed
CVE-2026-41872
was published
May 12, 2026
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows...
Critical
Unreviewed
CVE-2026-34260
was published
May 12, 2026
Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user...
Critical
Unreviewed
CVE-2026-34263
was published
May 12, 2026
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE...
Critical
Unreviewed
CVE-2025-67887
was published
May 8, 2026
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control...
Critical
Unreviewed
CVE-2025-69599
was published
May 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix signededness bug...
Critical
Unreviewed
CVE-2026-43185
was published
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
ipv6: ioam: fix heap buffer...
Critical
Unreviewed
CVE-2026-43186
was published
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix potential race in...
Critical
Unreviewed
CVE-2026-43198
was published
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
net: do not pass flow_id to...
Critical
Unreviewed
CVE-2026-43208
was published
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
netconsole: avoid OOB reads,...
Critical
Unreviewed
CVE-2026-43197
was published
May 6, 2026
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation
Critical
CVE-2026-27478
was published
for
io.unitycatalog:unitycatalog-server
(Maven)
May 11, 2026
WebdriverIO BrowserStack Service has a Command Injection issue
Critical
CVE-2026-25244
was published
for
@wdio/browserstack-service
(npm)
May 11, 2026
torrentpier has PHP Serialize Injections
Critical
GHSA-h29g-c9cx-c73q
was published
for
torrentpier/torrentpier
(Composer)
May 11, 2026
Eclipse BaSyx Java Server SDK vulnerable to Path Traversal
Critical
CVE-2026-7411
was published
for
org.eclipse.basyx:basyx.sdk
(Maven)
May 5, 2026
Spring Cloud Config vulnerable to Path Traversal
Critical
CVE-2026-40982
was published
for
org.springframework.cloud:spring-cloud-config-server
(Maven)
May 7, 2026
Duplicate Advisory: OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical
GHSA-m8wm-r5vq-qjpg
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
Duplicate Advisory: OpenClaw: Feishu webhook and card-action validation now fail closed
Critical
GHSA-cjg8-85gj-v9q2
was published
for
openclaw
(npm)
May 6, 2026
•
withdrawn
ProTip! Advisories are also available from the GraphQL API