
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Black's vulnerable version parsing leads to RCE in GitHub Action (Severity: High)
CVE-2026-31900 was published for psf/black (GitHub Actions) Mar 7, 2026
Credited to ParzivalHack

Potential Actions command injection in output filenames (GHSL-2023-275) (Severity: High)
CVE-2023-52137 was published for tj-actions/verify-changed-files (GitHub Actions) Jan 2, 2024
Credited to jorgectf and jsoref

tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection (Severity: Critical)
CVE-2023-49291 was published for tj-actions/branch-names (GitHub Actions) Dec 5, 2023
Credited to AdnaneKhan and R3x