GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,822
Maven: 5,000+
npm: 5,000+
NuGet: 939
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,357
Swift: 54

Unreviewed advisories
All unreviewed: 5,000+

30,225 advisories

Affected devices do not properly validate and sanitize PLC/station name rendered on the ...
Critical, Unreviewed. CVE-2026-25786 was published May 12, 2026.

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on...
Critical, Unreviewed. CVE-2026-25787 was published May 12, 2026.

Improper neutralization of special elements used in an SQL command ('SQL injection')...
Critical, Unreviewed. CVE-2025-6577 was published May 12, 2026.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6:...
Critical, Unreviewed. CVE-2024-47685 was published Oct 21, 2024.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can...
Critical, Unreviewed. CVE-2024-3596 was published Jul 9, 2024.

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported...
Critical, Unreviewed. CVE-2024-5535 was published Jun 27, 2024.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS...
Critical, Unreviewed. CVE-2024-37371 was published Jun 29, 2024.

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv:...
Critical, Unreviewed. CVE-2024-35845 was published May 17, 2024.

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU...
Critical, Unreviewed. CVE-2024-27053 was published May 1, 2024.

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has...
Critical, Unreviewed. CVE-2023-51385 was published Dec 18, 2023.

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is...
Critical, Unreviewed. CVE-2023-38545 was published Oct 18, 2023.

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop...
Critical, Unreviewed. CVE-2023-28531 was published Mar 17, 2023.

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical, Unreviewed. CVE-2019-14203 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical, Unreviewed. CVE-2019-14204 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at...
Critical, Unreviewed. CVE-2019-14197 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an...
Critical, Unreviewed. CVE-2019-14193 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed...
Critical, Unreviewed. CVE-2019-14196 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed...
Critical, Unreviewed. CVE-2019-14198 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical, Unreviewed. CVE-2019-14200 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing...
Critical, Unreviewed. CVE-2019-14199 was published May 24, 2022.

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in...
Critical, Unreviewed. CVE-2019-14202 was published May 24, 2022.

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation....
Critical, Unreviewed. CVE-2026-41872 was published May 12, 2026.

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows...
Critical, Unreviewed. CVE-2026-34260 was published May 12, 2026.

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user...
Critical, Unreviewed. CVE-2026-34263 was published May 12, 2026.

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE...
Critical, Unreviewed. CVE-2025-67887 was published May 8, 2026.

ProTip! Advisories are also available from the GraphQL API.