GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,822
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

30,225 advisories

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML...
Critical, Unreviewed. CVE-2025-49796 was published Jun 16, 2025

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath...
Critical, Unreviewed. CVE-2025-49794 was published Jun 16, 2025

Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`
Critical. CVE-2026-45087 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026

OpenClaw: Feishu webhook and card-action validation now fail closed
Critical. CVE-2026-44109 was published for openclaw (npm) Apr 17, 2026

OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
Critical. CVE-2026-43585 was published for openclaw (npm) Apr 17, 2026

Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling
Critical. CVE-2026-41583 was published for zebra-script (Rust) Apr 18, 2026

Zebra has rk Identity Point Panic in Transaction Verification
Critical. CVE-2026-41584 was published for zebra-chain (Rust) Apr 18, 2026

Remote Code Execution (RCE) via String Literal Injection into math-codegen
Critical. CVE-2026-41507 was published for math-codegen (npm) Apr 17, 2026

PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Critical. CVE-2026-41497 was published for praisonai (pip) Apr 17, 2026

AstrBot is vulnerable to RCE with hard-coded JWT signing keys
Critical. CVE-2025-55449 was published for astrbot (pip) Nov 14, 2025

Ghost has a SQL injection in Content API
Critical. CVE-2026-26980 was published for ghost (npm) Feb 18, 2026

LibreNMS has an Authenticated OS Command Injection
Critical. CVE-2024-51092 was published for librenms/librenms (Composer) Nov 15, 2024

electerm has Command Injection via runLinux function
Critical. CVE-2026-41501 was published for electerm (npm) Apr 24, 2026

LiteLLM has SQL Injection in Proxy API key verification
Critical. CVE-2026-42208 was published for litellm (pip) Apr 24, 2026

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length...
Critical, Unreviewed. CVE-2024-45490 was published Aug 30, 2024

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid...
Critical, Unreviewed. CVE-2024-38612 was published Jun 19, 2024

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new...
Critical, Unreviewed. CVE-2024-35960 was published May 20, 2024

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer...
Critical, Unreviewed. CVE-2022-34835 was published Jul 1, 2022

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing...
Critical, Unreviewed. CVE-2019-14192 was published May 24, 2022

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with...
Critical, Unreviewed. CVE-2019-14195 was published May 24, 2022

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed...
Critical, Unreviewed. CVE-2019-14194 was published May 24, 2022

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical, Unreviewed. CVE-2019-14201 was published May 24, 2022

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for...
Critical, Unreviewed. CVE-2026-7428 was published May 12, 2026

Insecure generation of credentials in the local SAT (Technical Support) access functionality of...
Critical, Unreviewed. CVE-2026-8072 was published May 12, 2026

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a...
Critical, Unreviewed. CVE-2026-41551 was published May 12, 2026

ProTip! Advisories are also available from the GraphQL API.