Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

99 advisories

Loading
CIRCL has an incorrect calculation in secp384r1 CombinedMult Low
CVE-2026-1229 was published for github.com/cloudflare/circl (Go) Feb 25, 2026
guidovranken Credited to guidovranken
ml-dsa's UseHint function has off by two error when r0 equals zero Moderate
GHSA-h37v-hp6w-2pp8 was published for ml-dsa (Rust) Feb 2, 2026
XoifaiI Credited to XoifaiI
soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives High
CVE-2026-24783 was published for soroban-fixed-point-math (Rust) Jan 28, 2026
An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of... High Unreviewed
CVE-2026-21911 was published Jan 15, 2026
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files Low
CVE-2025-48985 was published for ai (npm) Nov 7, 2025
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and... Moderate Unreviewed
CVE-2025-55552 was published Sep 25, 2025
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method Low
CVE-2025-59047 was published for matrix-sdk-base (Rust) Sep 11, 2025
poljar Credited to poljar
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in... Moderate Unreviewed
CVE-2025-5372 was published Jul 4, 2025
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that... High Unreviewed
CVE-2025-4435 was published Jun 3, 2025
Vyper's sqrt doesn't define rounding behavior Low
CVE-2025-26622 was published for vyper (pip) Feb 21, 2025
The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. Moderate Unreviewed
CVE-2024-25883 was published Feb 7, 2025
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with... Moderate Unreviewed
CVE-2024-11407 was published Nov 26, 2024
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an... Moderate Unreviewed
CVE-2024-11176 was published Nov 20, 2024
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and... Critical Unreviewed
CVE-2024-23981 was published Aug 14, 2024
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix... Moderate Unreviewed
CVE-2024-42231 was published Jul 30, 2024
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow... High Unreviewed
CVE-2024-41011 was published Jul 18, 2024
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of... High Unreviewed
CVE-2024-6287 was published Jun 24, 2024
An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect... Critical Unreviewed
CVE-2024-36736 was published Jun 6, 2024
evmos allows transferring unvested tokens after delegations Low
CVE-2024-32873 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with... Moderate Unreviewed
CVE-2023-43490 was published Mar 14, 2024
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause... Moderate Unreviewed
CVE-2023-31347 was published Feb 13, 2024
Vyper's `_abi_decode` input not validated in complex expressions Moderate
CVE-2023-42460 was published for vyper (pip) Sep 26, 2023
trocher Credited to trocher
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the... Moderate Unreviewed
CVE-2023-36980 was published Sep 11, 2023
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the... High Unreviewed
CVE-2023-2423 was published Aug 8, 2023
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before... High Unreviewed
CVE-2023-35848 was published Jun 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database