Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
Wasmtime has host panic when Winch compiler executes `table.fill` Moderate
CVE-2026-34946 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 Moderate
CVE-2026-34944 was published for wasmtime (Rust) Apr 9, 2026
shumbo Credited to shumbo and alexcrichton alexcrichton alexcrichton
Wasmtime has a possible panic when lifting `flags` component value Moderate
CVE-2026-34943 was published for wasmtime (Rust) Apr 9, 2026
alexcrichton Credited to alexcrichton
Go JOSE Panics in JWE decryption High
CVE-2026-34986 was published for github.com/go-jose/go-jose (Go) Apr 3, 2026
Haraka affected by DoS via `__proto__` email header High
CVE-2026-34752 was published for Haraka (npm) Apr 1, 2026
sebastianosrt Credited to sebastianosrt and msimerson msimerson msimerson
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass High
CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
mith36 Credited to mith36
free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error High
CVE-2026-33191 was published for github.com/free5gc/udm (Go) Mar 18, 2026
Uncaught Exception in Macro Expecting Native Function to Exist Moderate
GHSA-6wr5-jmpr-mjcx was published for surrealdb (Rust) Feb 21, 2024
idofilus Credited to idofilus
Uncaught Exception Handling Parsing Errors on Line Terminators Moderate
GHSA-8xff-473h-f863 was published for surrealdb (Rust) Feb 21, 2024
Cheyenne1025 Credited to Cheyenne1025
Parse Server LiveQuery subscription with invalid regular expression crashes server Moderate
CVE-2026-32770 was published for parse-server (npm) Mar 17, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145 High
CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026
Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation High
CVE-2026-2229 was published for undici (npm) Mar 13, 2026
aisle-research Credited to aisle-research, mcollina, and UlisesGascon mcollina mcollina
UlisesGascon UlisesGascon
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client High
CVE-2026-1528 was published for undici (npm) Mar 13, 2026
mcollina Credited to mcollina and UlisesGascon UlisesGascon UlisesGascon
Python-Markdown has an Uncaught Exception Moderate
CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026
phonenumber panics on parsing crafted RFC3966 inputs High
CVE-2023-42444 was published for phonenumber (Rust) Sep 21, 2023
sno2 Credited to sno2 and gferon gferon gferon
Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing High
CVE-2026-31812 was published for quinn-proto (Rust) Mar 11, 2026
Vikunja has Path Traversal in CLI Restore High
CVE-2026-27819 was published for code.vikunja.io/api (Go) Feb 26, 2026
Formwork improperly validates input of User role preventing site and panel availability High
GHSA-c85w-x26q-ch87 was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412 Credited to Kyokito1412 and giuscris giuscris giuscris
fast-xml-parser has RangeError DoS Numeric Entities Bug High
CVE-2026-25128 was published for fast-xml-parser (npm) Jan 30, 2026
mistersiddd Credited to mistersiddd
Emmett-Core: Unhandled CookieError Exception Causing Denial of Service High
CVE-2026-25577 was published for emmett-core (pip) Feb 10, 2026
Ryu-GeonWoo Credited to Ryu-GeonWoo
LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic Low
GHSA-vhvq-fv9f-wh4q was published for github.com/authzed/spicedb (Go) Feb 6, 2026
1seal Credited to 1seal
Panic mishandled in libpulse-binding High
CVE-2019-25055 was published for libpulse-binding (Rust) Jan 6, 2022
Duplicate Advisory: Uncaught Exception in libpulse-binding Moderate
GHSA-wcxc-jf6c-8rx9 was published for libpulse-binding (Rust) Aug 25, 2021 withdrawn
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering High
CVE-2025-67647 was published for @sveltejs/adapter-node (npm) Jan 15, 2026
cold-try Credited to cold-try, teemingc, benmccann, and d-xuan teemingc teemingc
benmccann benmccann d-xuan d-xuan
rPGP Panics on Malformed Untrusted Input High
CVE-2024-53856 was published for pgp (Rust) Dec 5, 2024
invd Credited to invd, hko-s, dignifiedquire, and link2xt hko-s hko-s
dignifiedquire dignifiedquire link2xt link2xt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database