Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab... Critical Unreviewed
CVE-2025-62583 was published Oct 16, 2025
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote... Critical Unreviewed
CVE-2024-7003 was published Aug 6, 2024
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72... Critical Unreviewed
CVE-2024-6995 was published Aug 6, 2024
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed
CVE-2024-3845 was published Apr 17, 2024
A non-feature complete authentication mechanism exists in the production application allowing an... Critical Unreviewed
CVE-2023-3266 was published Aug 14, 2023
Parameter verification vulnerability in the installd module. Successful exploitation of this... Critical Unreviewed
CVE-2023-39403 was published Aug 13, 2023
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP... Critical Unreviewed
CVE-2016-10229 was published May 17, 2022
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA)... Critical Unreviewed
CVE-2018-0268 was published May 13, 2022
Spring Framework has Improperly Implemented Security Check for Standard Critical
CVE-2018-1275 was published for org.springframework:spring-messaging (Maven) Oct 17, 2018
sunSUNQ MarkLee131
Credited to sunSUNQ and MarkLee131
Spring Framework allows applications to expose STOMP over WebSocket endpoints Critical
CVE-2018-1270 was published for org.springframework:spring-messaging (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database