GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
158,248 advisories
mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport
Moderate
CVE-2026-0895
was published
for
cpsit/typo3-mailqueue
(Composer)
Jan 21, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate
CVE-2025-14559
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load
Moderate
CVE-2026-23952
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML
Moderate
GHSA-qp59-x883-77qv
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript
Moderate
CVE-2026-23874
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
Jan 21, 2026
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
Moderate
CVE-2026-23886
was published
for
github.com/swift-otel/swift-otel
(Swift)
Jan 21, 2026
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Moderate
CVE-2026-23885
was published
for
alchemy_cms
(RubyGems)
Jan 21, 2026
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
Moderate
CVE-2026-23833
was published
for
esphome
(pip)
Jan 21, 2026
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user
Moderate
CVE-2026-23877
was published
for
swingmusic
(pip)
Jan 21, 2026
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate
CVE-2026-23849
was published
for
github.com/filebrowser/filebrowser
(Go)
Jan 21, 2026
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Moderate
CVE-2026-23845
was published
for
github.com/axllent/mailpit
(Go)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API