Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass Critical
CVE-2026-44180 was published for jupyter_enterprise_gateway (pip) Jun 3, 2026
ben-elttam Credited to ben-elttam, matt-elttam, daniel-elttam, and lresende matt-elttam matt-elttam
daniel-elttam daniel-elttam lresende lresende
Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring High
CVE-2026-42462 was published for @fedify/fedify (npm) May 26, 2026
go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git High
CVE-2026-45022 was published for github.com/go-git/go-git/v5 (Go) May 11, 2026
adityasaky Credited to adityasaky, wlynch, patzielinski, bugbunny-research, and wayphinder wlynch wlynch
patzielinski patzielinski bugbunny-research bugbunny-research wayphinder wayphinder
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses Moderate
CVE-2026-39409 was published for hono (npm) Apr 8, 2026
r74tech Credited to r74tech
Vite: `server.fs.deny` bypassed with queries High
CVE-2026-39364 was published for vite (npm) Apr 6, 2026
odgrso Credited to odgrso, ritikchaddha, neo-ai-engineer, instantraaamen, fg0x0, jonathanwd, kq5y, and bluwy ritikchaddha ritikchaddha
neo-ai-engineer neo-ai-engineer instantraaamen instantraaamen fg0x0 fg0x0 jonathanwd jonathanwd kq5y kq5y bluwy bluwy
Rack:: Static header_rules bypass via URL-encoded paths Moderate
CVE-2026-34786 was published for rack (RubyGems) Apr 2, 2026
harukioya Credited to harukioya, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url... Moderate Unreviewed
CVE-2026-34475 was published Mar 27, 2026
OpenClaw has a workspace-only sandbox guard mismatch for @-prefixed absolute paths Moderate
CVE-2026-32033 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP High
CVE-2026-24895 was published for github.com/dunglas/frankenphp (Go) Feb 12, 2026
AbdrrahimDahmani Credited to AbdrrahimDahmani, dunglas, and hans362 dunglas dunglas
hans362 hans362
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause... Moderate Unreviewed
CVE-2025-33194 was published Nov 25, 2025
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9.... Moderate Unreviewed
CVE-2025-43716 was published Apr 23, 2025
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write High
CVE-2025-29787 was published for zip (Rust) Mar 17, 2025
eternal-flame-AD Credited to eternal-flame-AD and Pr0methean Pr0methean Pr0methean
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such... Low Unreviewed
CVE-2024-28607 was published Mar 11, 2025
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to... Critical Unreviewed
CVE-2022-26136 was published Jul 21, 2022
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause... High Unreviewed
CVE-2022-26137 was published Jul 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database