GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,746 advisories
Chainlit contains an authorization bypass vulnerability. Severity: Low. CVE-2025-68492 was published for chainlit (pip) on Jan 14, 2026.
Quill is vulnerable to XSS via HTML export feature. Severity: Low. CVE-2025-15056 was published for quill (npm) on Jan 13, 2026.
Weblate command-line client susceptible to SSL verification skip. Severity: Low. CVE-2026-22250 was published for wlc (pip) on Jan 12, 2026.
AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability. Severity: Low. CVE-2025-15506 was published for opencolorio (pip) on Jan 11, 2026.
QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting. Severity: Low. CVE-2026-0824 was published for @questdb/web-console (npm) on Jan 10, 2026.
LIEF is vulnerable to segmentation fault. Severity: Low. CVE-2025-15504 was published for lief (pip) on Jan 10, 2026.
mnl has segmentation fault and invalid memory read in `mnl::cb_run`. Severity: Low. GHSA-585q-cm62-757j was published for mnl (Rust) on Jan 9, 2026.
pypdf has possible long runtimes for malformed startxref. Severity: Low. CVE-2026-22691 was published for pypdf (pip) on Jan 9, 2026.
pypdf has possible long runtimes for missing /Root object with large /Size values. Severity: Low. CVE-2026-22690 was published for pypdf (pip) on Jan 9, 2026.
AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value. Severity: Low. CVE-2026-22611 was published for AWSSDK.Core (NuGet) on Jan 9, 2026.
AWS SDK for Swift adopted defense in depth enhancement for region parameter value. Severity: Low. GHSA-pc9j-5v36-2mww was published for github.com/awslabs/aws-sdk-swift (Swift) on Jan 8, 2026.
JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3. Severity: Low. GHSA-j965-2qgj-vjmq was published for aws-sdk (npm) on Jan 8, 2026.
AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value. Severity: Low. GHSA-6475-r3vj-m8vf was published for @smithy/config-resolver (npm) on Jan 8, 2026.
AWS SDK for Rust v1 adopted defense in depth enhancement for region parameter value. Severity: Low. GHSA-g59m-gf8j-gjf5 was published for aws-sdk-accessanalyzer (Rust) on Jan 8, 2026.
Elliptic Uses a Cryptographic Primitive with a Risky Implementation. Severity: Low. CVE-2025-14505 was published for elliptic (npm) on Jan 8, 2026.
`IterMut` violates Stacked Borrows by invalidating internal pointer. Severity: Low. GHSA-rhfx-m35p-ff5j was published for lru (Rust) on Jan 7, 2026.
loggingredactor converts non-string types to string types in logs. Severity: Low. CVE-2026-22041 was published for loggingredactor (pip) on Jan 7, 2026.
rsa crate has potential panic on a prime being equal to 1. Severity: Low. CVE-2026-21895 was published for rsa (Rust) on Jan 6, 2026.
AIOHTTP Vulnerable to Cookie Parser Warning Storm. Severity: Low. CVE-2025-69230 was published for aiohttp (pip) on Jan 5, 2026.
AIOHTTP vulnerable to brute-force leak of internal static file path components. Severity: Low. CVE-2025-69226 was published for aiohttp (pip) on Jan 5, 2026.
AIOHTTP has unicode match groups in regexes for ASCII protocol elements. Severity: Low. CVE-2025-69225 was published for aiohttp (pip) on Jan 5, 2026.
AIOHTTP's unicode processing of header values could cause parsing discrepancies. Severity: Low. CVE-2025-69224 was published for aiohttp (pip) on Jan 5, 2026.
badkeys vulnerable to ASCII control character injection on console via malformed input. Severity: Low. CVE-2026-21439 was published for badkeys (pip) on Jan 5, 2026.
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type. Severity: Low. GHSA-p4f6-h8jj-vfvf was published for github.com/mccutchen/go-httpbin (Go) on Jan 2, 2026. Status: withdrawn.