
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

yauzl contains an off-by-one error Moderate
CVE-2026-31988 was published for yauzl (npm) Mar 12, 2026
Credited to adalinesimonian
GoBGP panics due to a zero value for softwareVersionLen High
CVE-2025-43971 was published for github.com/osrg/gobgp/v3 (Go) Apr 21, 2025
Credited to shaked-seal
Envoy affected by off-by-one write in JsonEscaper::escapeString() Moderate
CVE-2026-26309 was published for github.com/envoyproxy/envoy (Go) Mar 10, 2026
Credited to Finder16, agrawroh, phlax, and botengyao
OpenClaw has allowlist exec-guard bypass via env -S Moderate
GHSA-48wf-g7cp-gr3m was published for openclaw (npm) Mar 3, 2026
Credited to tdjackey
ml-dsa's UseHint function has off by two error when r0 equals zero Moderate
GHSA-h37v-hp6w-2pp8 was published for ml-dsa (Rust) Feb 2, 2026
Credited to XoifaiI
ImageMagick has a Heap Buffer Overflow in InterpretImageFilename Low
CVE-2025-53014 was published for Magick.NET-Q16-AnyCPU (NuGet) Aug 25, 2025
Credited to momo-trip, iwashiira, utshina, and on-keyday
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 Low
CVE-2023-41880 was published for wasmtime (Rust) Sep 14, 2023
Credited to afonso360
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64 Low
CVE-2023-27477 was published for cranelift-codegen (Rust) Mar 9, 2023
Credited to afonso360
GoBGP does not verify that the input length Moderate
CVE-2025-43973 was published for github.com/osrg/gobgp (Go) Apr 21, 2025
incorrect storage layout for contracts containing large arrays High
CVE-2023-46247 was published for vyper (pip) Dec 13, 2023
Heap buffer overflow caused by rounding Low
CVE-2021-29529 was published for tensorflow (pip) May 21, 2021
redis-py Race Condition vulnerability Moderate
CVE-2023-28858 was published for redis (pip) Mar 26, 2023
Apache Tomcat - Fix for CVE-2023-24998 was incomplete High
CVE-2023-28709 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jul 6, 2023
Credited to westonsteimel
Buffer Overflow in galois_2p8 Critical
CVE-2022-24988 was published for galois_2p8 (Rust) Feb 15, 2022
Off-by-one error in simple-slab High
CVE-2020-35893 was published for simple-slab (Rust) Aug 25, 2021
Credited to tdunlap607
Off-by-one Error in v2fly/v2ray-core Critical
CVE-2021-4070 was published for github.com/v2fly/v2ray-core (Go) Feb 24, 2022