Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write High
CVE-2026-25732 was published for nicegui (pip) Feb 5, 2026
k14uz Credited to k14uz, falkoschindler, and evnchn falkoschindler falkoschindler
evnchn evnchn
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access High
CVE-2026-24740 was published for github.com/amir20/dozzle (Go) Jan 27, 2026
k14uz Credited to k14uz
Orval Mock Generation Code Injection via const High
CVE-2026-24132 was published for @orval/mock (npm) Jan 22, 2026
k14uz Credited to k14uz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database