Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Unhandled crash in npm posix High
CVE-2022-21211 was published for posix (npm) Jun 11, 2022
Unchecked Return Value in xcb High
CVE-2021-26958 was published for xcb (Rust) Aug 25, 2021
Unchecked Return Value in xcb Critical
CVE-2021-26955 was published for xcb (Rust) Aug 25, 2021
amousset Credited to amousset
Pillow denial of service High
CVE-2021-28675 was published for Pillow (pip) Jun 8, 2021
ecrecover can return undefined data if signature does not verify Moderate
CVE-2023-37902 was published for vyper (pip) Jul 25, 2023
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors Credited to sixcolors
Nokogiri does not check the return value from xmlC14NExecute Moderate
GHSA-wx95-c6cv-8532 was published for nokogiri (RubyGems) Feb 18, 2026
ImageMagick has uninitialized pointer dereference in JBIG decoder High
CVE-2026-28691 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
zerojackyi Credited to zerojackyi
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest High
CVE-2026-31830 was published for sigstore (RubyGems) Mar 11, 2026
hanazuki Credited to hanazuki
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database