GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
652 advisories
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer...
Moderate | Unreviewed | CVE-2025-14242 was published Jan 14, 2026
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the...
Moderate | Unreviewed | CVE-2025-15534 was published Jan 18, 2026
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
Moderate | CVE-2026-23833 was published for esphome (pip) Jan 21, 2026
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when...
Moderate | Unreviewed | CVE-2025-67125 was published Jan 23, 2026
Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org...
Moderate | Unreviewed | CVE-2026-1464 was published Jan 27, 2026
Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec
Moderate | CVE-2026-24807 was published for com.github.liuyueyi.media:batik-codec-fix (Maven) Jan 27, 2026
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
Moderate | CVE-2026-24889 was published for soroban-sdk (Rust) Jan 28, 2026
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size...
Moderate | Unreviewed | CVE-2026-25210 was published Jan 30, 2026
Memory corruption when calculating oversized partition sizes without proper checks.
Moderate | Unreviewed | CVE-2025-47363 was published Feb 2, 2026
Memory corruption while calculating offset from partition start point.
Moderate | Unreviewed | CVE-2025-47364 was published Feb 2, 2026
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound...
Moderate | Unreviewed | CVE-2026-21354 was published Feb 10, 2026
Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an...
Moderate | Unreviewed | CVE-2025-48515 was published Feb 10, 2026
The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass...
Moderate | Unreviewed | CVE-2024-36316 was published Feb 11, 2026
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which...
Moderate | Unreviewed | CVE-2026-0619 was published Feb 12, 2026
Bug fixes in hpke-rs, hpke-rs-rust-crypto
Moderate | GHSA-g433-pq76-6cmf was published for hpke-rs (Rust) Feb 13, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate | CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
Moderate | CVE-2025-66168 was published for org.apache.activemq:activemq-all (Maven) Mar 4, 2026
neqo-qpack has integer overflow in qpack dynamic table indexing
Moderate | GHSA-6w86-wgwq-rgq8 was published for neqo-qpack (Rust) Mar 4, 2026
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD...
Moderate | Unreviewed | CVE-2026-20025 was published Mar 4, 2026
DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound...
Moderate | Unreviewed | CVE-2026-27281 was published Mar 10, 2026
ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
Moderate | CVE-2026-25970 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
ImageMagick has Integer Overflow leading to out of bounds write in SIXEL decoder
Moderate | CVE-2026-28493 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
Moderate | CVE-2026-32759 was published for github.com/filebrowser/filebrowser/v2 (Go) Mar 16, 2026
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on...
Moderate | Unreviewed | CVE-2026-2809 was published Mar 17, 2026
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on...
Moderate | Unreviewed | CVE-2025-15584 was published Mar 17, 2026
ProTip! Advisories are also available from the GraphQL API.