Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Memory flaw in zeroize_derive Critical
CVE-2021-45706 was published for zeroize_derive (Rust) Jan 6, 2022
sugar700 Credited to sugar700
Spring Security logout not clearing security context Moderate
CVE-2023-20862 was published for org.springframework.security:spring-security-core (Maven) Apr 19, 2023
joshbressers Credited to joshbressers
Upgrading doesn't prevent exploiting vulnerable XWiki documents Critical
CVE-2023-36468 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 30, 2023
Flarum mishandles invalidation of user email tokens High
CVE-2019-11514 was published for flarum/flarum (Composer) May 24, 2022
redis-py Race Condition due to incomplete fix High
CVE-2023-28859 was published for redis (pip) Mar 26, 2023
artoj-iceye Credited to artoj-iceye and sreecharanguduri sreecharanguduri sreecharanguduri
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs Credited to N0el4kLs
Apache Tomcat Incomplete Cleanup vulnerability Moderate
CVE-2023-42794 was published for org.apache.tomcat:tomcat-coyote (Maven) Oct 10, 2023
Moodle HTTP authorization header is preserved between "emulated redirects" Moderate
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Apache Tomcat Incomplete Cleanup vulnerability Moderate
CVE-2023-42795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1 and mpihelgas mpihelgas mpihelgas
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat Moderate
CVE-2024-23672 was published for org.apache.tomcat.embed:tomcat-embed-websocket (Maven) Mar 13, 2024
westonsteimel Credited to westonsteimel
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability High
CVE-2023-41835 was published for org.apache.struts:struts2-core (Maven) Dec 5, 2023
Apache Struts is Vulnerable to DoS via File Leak High
CVE-2025-64775 was published for org.apache.struts:struts2-core (Maven) Dec 1, 2025
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond Moderate
GHSA-4rmq-mc2c-r495 was published for github.com/babylonlabs-io/babylon (Go) Dec 9, 2025
Apache Struts has a Denial of Service vulnerability High
CVE-2025-66675 was published for org.apache.struts:struts2-core (Maven) Dec 10, 2025
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map Moderate
CVE-2026-21438 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse Critical
CVE-2026-28268 was published for code.vikunja.io/api (Go) Feb 28, 2026
VashuVats Credited to VashuVats
Multer vulnerable to Denial of Service via incomplete cleanup High
CVE-2026-3304 was published for multer (npm) Mar 1, 2026
EthanKim88 Credited to EthanKim88, ctcpip, UlisesGascon, and bjohansebas ctcpip ctcpip
UlisesGascon UlisesGascon bjohansebas bjohansebas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database