Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
@sigstore/core has DSSE payloadType type-binding failure Moderate
CVE-2026-48758 was published for @sigstore/core (npm) Jun 26, 2026
Str1ckl4nd Credited to Str1ckl4nd and Zyy0530 Zyy0530 Zyy0530
http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass Moderate
CVE-2026-55602 was published for http-proxy-middleware (npm) Jun 18, 2026
Str1ckl4nd Credited to Str1ckl4nd, Zyy0530, 7thParkk, G-Rath, and ethantkoenig Zyy0530 Zyy0530
7thParkk 7thParkk G-Rath G-Rath ethantkoenig ethantkoenig
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass High
CVE-2026-9675 was published for undici (npm) Jun 18, 2026
mauriceng98 Credited to mauriceng98, Str1ckl4nd, mcollina, and UlisesGascon Str1ckl4nd Str1ckl4nd
mcollina mcollina UlisesGascon UlisesGascon
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database