Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
64
GitHub Actions
50
Go
3,833
Maven
5,000+
npm
5,000+
NuGet
944
pip
5,000+
Pub
13
RubyGems
1,061
Rust
1,358
Swift
54
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
@fastify/static vulnerable to route guard bypass via encoded path separators Moderate
CVE-2026-6414 was published for @fastify/static (npm) Apr 16, 2026
blakeembrey Credited to blakeembrey, mcollina, UlisesGascon, and climba03003 mcollina mcollina
UlisesGascon UlisesGascon climba03003 climba03003
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Moderate
CVE-2023-47106 was published for github.com/traefik/traefik/v2 (Go) Dec 5, 2023
Benasin Credited to Benasin
vercel/serve allows access to restricted files if filename is URL encoded. Moderate
CVE-2018-3718 was published for serve (npm) Aug 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database