GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,821
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+
125,465 advisories
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the...
High, Unreviewed: CVE-2020-36997 was published Jan 29, 2026

Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote...
High, Unreviewed: CVE-2020-37000 was published Jan 29, 2026

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File...
High, Unreviewed: CVE-2020-37001 was published Jan 29, 2026

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an...
High, Unreviewed: CVE-2026-24428 was published Jan 26, 2026

React Server Components have multiple Denial of Service Vulnerabilities
High: CVE-2026-23864 was published for react-server-dom-parcel (npm) Jan 29, 2026

Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade...
High, Unreviewed: CVE-2025-7016 was published Jan 29, 2026

Strapi core vulnerable to sensitive data exposure via CORS misconfiguration
High: CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025

PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
High: CVE-2026-24747 was published for pytorch (pip) Jan 27, 2026

Apache Kyuubi Server vulnerable to Path Traversal
High: CVE-2025-66518 was published for org.apache.kyuubi:kyuubi-server_2.12 (Maven) Jan 5, 2026

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
High: CVE-2026-24740 was published for github.com/amir20/dozzle (Go) Jan 27, 2026

Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`
High: GHSA-8h3q-9fpp-c883 was published for wrangler (npm) Jan 21, 2026 • withdrawn

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67949 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67959 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67620 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67614 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67960 was published Jan 22, 2026

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
High, Unreviewed: CVE-2025-67963 was published Jan 22, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High, Unreviewed: CVE-2025-67615 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67947 was published Jan 22, 2026

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed: CVE-2025-67952 was published Jan 22, 2026

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows...
High, Unreviewed: CVE-2025-67619 was published Jan 22, 2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
High, Unreviewed: CVE-2025-67616 was published Jan 22, 2026

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0...
High, Unreviewed: CVE-2025-10213 was published Sep 10, 2025

Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is...
High, Unreviewed: CVE-2024-1509 was published Mar 1, 2025

Kyverno Denial of Service via Context Variable Amplification in Policy Engine
High: CVE-2026-23881 was published for github.com/kyverno/kyverno (Go) Jan 27, 2026

ProTip! Advisories are also available from the GraphQL API.