GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
45 advisories
Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary...
High
Unreviewed
CVE-2026-8036
was published
Jun 2, 2026
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
Moderate
CVE-2026-41907
was published
for
uuid
(npm)
Apr 22, 2026
The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database...
Moderate
Unreviewed
CVE-2026-9100
was published
May 20, 2026
Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation
Critical
CVE-2026-33557
was published
for
org.apache.kafka:kafka-clients
(Maven)
Apr 20, 2026
Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers...
Moderate
Unreviewed
CVE-2018-25232
was published
Mar 30, 2026
libcrux: Panic in Signature Hint Decoding During Verification
High
GHSA-xrf2-5r3p-5wgj
was published
for
libcrux-ml-dsa
(Rust)
Mar 26, 2026
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi...
Moderate
Unreviewed
CVE-2025-2399
was published
Mar 10, 2026
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash...
Moderate
Unreviewed
CVE-2019-25622
was published
Mar 23, 2026
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash...
Moderate
Unreviewed
CVE-2019-25625
was published
Mar 23, 2026
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to...
Moderate
Unreviewed
CVE-2019-25593
was published
Mar 22, 2026
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Moderate
GHSA-2557-x9mg-76w8
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to...
Moderate
Unreviewed
CVE-2026-20440
was published
Mar 2, 2026
Formwork improperly validates input of User role preventing site and panel availability
High
GHSA-c85w-x26q-ch87
was published
for
getformwork/formwork
(Composer)
Mar 1, 2025
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead...
Moderate
Unreviewed
CVE-2026-20413
was published
Feb 2, 2026
In imgsys, there is a possible out of bounds write due to improper input validation. This could...
High
Unreviewed
CVE-2025-20796
was published
Jan 6, 2026
Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary...
Moderate
Unreviewed
CVE-2025-48511
was published
Nov 24, 2025
Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers,...
Moderate
Unreviewed
CVE-2025-48502
was published
Nov 21, 2025
A guest can trigger an infinite loop in the hda audio driver.
High
Unreviewed
CVE-2024-51564
was published
Nov 12, 2024
The NVMe driver queue processing is vulnerable to guest-induced infinite loops.
Moderate
Unreviewed
CVE-2024-51566
was published
Nov 12, 2024
The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD)...
Moderate
Unreviewed
CVE-2025-8291
was published
Oct 7, 2025
There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing...
High
Unreviewed
CVE-2025-57775
was published
Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in an...
High
Unreviewed
CVE-2025-57778
was published
Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in an...
High
Unreviewed
CVE-2025-57776
was published
Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking resulting in a...
High
Unreviewed
CVE-2025-9189
was published
Sep 2, 2025
There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when...
High
Unreviewed
CVE-2025-57777
was published
Sep 2, 2025
ProTip! Advisories are also available from the GraphQL API.