GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Moderate
CVE-2026-54777
was published
for
CoreWCF.NetNamedPipe
(NuGet)
Jun 19, 2026
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Moderate
GHSA-cmwh-pvxp-8882
was published
for
dompurify
(npm)
Jun 18, 2026
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Low
CVE-2026-54279
was published
for
aiohttp
(pip)
Jun 15, 2026
PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module
Low
CVE-2025-2149
was published
for
torch
(pip)
Mar 10, 2025
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High
GHSA-f5v8-v6q3-q4h6
was published
for
Meridian.Mapping
(NuGet)
Apr 16, 2026
filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Low
CVE-2026-26958
was published
for
filippo.io/edwards25519
(Go)
Feb 18, 2026
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
ArrayQueue's push_front is not panic-safe
Moderate
GHSA-xqjr-wfx3-gmxv
was published
for
array-queue
(Rust)
Sep 2, 2025
IdMap from_iter may lead to uninitialized memory being freed on drop
Moderate
GHSA-qq4c-hm99-979m
was published
for
id-map
(Rust)
Aug 18, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Interpreter crash from `tf.io.decode_raw`
Moderate
CVE-2021-29614
was published
for
tensorflow
(pip)
May 21, 2021
Incomplete validation in `tf.raw_ops.CTCLoss`
Moderate
CVE-2021-29613
was published
for
tensorflow
(pip)
May 21, 2021
Invalid validation in `QuantizeAndDequantizeV2`
Low
CVE-2021-29610
was published
for
tensorflow
(pip)
May 21, 2021
Incomplete validation in `SparseReshape`
Low
CVE-2021-29611
was published
for
tensorflow
(pip)
May 21, 2021
Incomplete validation in `SparseAdd`
Moderate
CVE-2021-29609
was published
for
tensorflow
(pip)
May 21, 2021
Code execution vulnerability in HtmlUnit
High
CVE-2020-5529
was published
for
net.sourceforge.htmlunit:htmlunit
(Maven)
May 21, 2020
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Moderate
CVE-2023-40349
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Aug 16, 2023
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
High
CVE-2020-8918
was published
for
github.com/google/go-tpm
(Go)
Feb 11, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low
CVE-2022-39284
was published
for
codeigniter4/framework
(Composer)
Oct 6, 2022
Improper Initialization in OpenZeppelin
High
CVE-2021-46320
was published
for
@openzeppelin/contracts
(npm)
Feb 5, 2022
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Moderate
CVE-2023-22466
was published
for
tokio
(Rust)
Jan 6, 2023
Use of Uninitialized Resource in alg_ds
Critical
CVE-2020-36432
was published
for
alg_ds
(Rust)
Aug 25, 2021
Resource Exhaustion Denial of Service in http-proxy-agent
Moderate
CVE-2019-10196
was published
for
http-proxy-agent
(npm)
Jan 6, 2022
ProTip!
Advisories are also available from the
GraphQL API