Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,538
Maven
5,000+
npm
5,000+
NuGet
914
pip
4,790
Pub
13
RubyGems
1,037
Rust
1,232
Swift
53
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors Moderate
CVE-2026-40249 was published for github.com/free5gc/udr (Go) Apr 14, 2026
Giancannella Credited to Giancannella and FrancescoDAlterio FrancescoDAlterio FrancescoDAlterio
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts High
CVE-2026-40069 was published for bsv-sdk (RubyGems) Apr 9, 2026
sgbett Credited to sgbett
Cosign's verify-blob-attestation reports false positive when payload parsing fails Moderate
CVE-2026-39395 was published for github.com/sigstore/cosign (Go) Apr 8, 2026
kodareef5 Credited to kodareef5
OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open) Low
GHSA-cwq8-6f96-g3q4 was published for openclaw (npm) Apr 2, 2026
davidluzsilva Credited to davidluzsilva
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation High
CVE-2026-33939 was published for handlebars (npm) Mar 27, 2026
trace37labs Credited to trace37labs
Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds Moderate
CVE-2026-20719 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 25, 2026
@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling Low
GHSA-8g29-8xwr-qmhr was published for @grackle-ai/server (npm) Mar 25, 2026
socket.io allows an unbounded number of binary attachments High
CVE-2026-33151 was published for socket.io-parser (npm) Mar 18, 2026
x4cc3 Credited to x4cc3 and darrachequesne darrachequesne darrachequesne
RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface Critical
CVE-2026-30960 was published for rssn (Rust) Mar 10, 2026
panayang Credited to panayang
Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig High
CVE-2026-25639 was published for axios (npm) Feb 9, 2026
hackerman70000 Credited to hackerman70000 and FeBe95 FeBe95 FeBe95
openmls has improper tag validation High
GHSA-8x3w-qj7j-gqhf was published for openmls (Rust) Feb 4, 2026
ingress-nginx has Improper Check for Unusual or Exceptional Conditions Low
CVE-2026-24513 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026
go-tuf affected by client DoS via malformed server response Moderate
CVE-2026-23991 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 21, 2026
1seal Credited to 1seal, kommendorkapten, and rdimitrov kommendorkapten kommendorkapten
rdimitrov rdimitrov
Drupal core allows Forceful Browsing Low
CVE-2025-13080 was published for drupal/core (Composer) Nov 18, 2025
InventoryGui affected by item duplication in GUIs which use GuiStorageElement Moderate
CVE-2025-62783 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
FaMa91 Credited to FaMa91
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user High
CVE-2025-61668 was published for @plone/volto (npm) Oct 1, 2025
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions High
CVE-2025-52931 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions Moderate
CVE-2025-54463 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions Moderate
CVE-2025-53514 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary High
GHSA-rj53-j6jw-7f7g was published for github.com/babylonlabs-io/babylon/v2 (Go) Jul 8, 2025
ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions Moderate
CVE-2025-53359 was published for ethereum (Rust) Jul 2, 2025
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed Moderate
CVE-2025-32997 was published for http-proxy-middleware (npm) Apr 15, 2025
sealonohana Credited to sealonohana
Mattermost has Improper Check for Unusual or Exceptional Conditions Low
CVE-2025-22445 was published for github.com/mattermost/mattermost/server/v8 (Go) Jan 9, 2025
OpenStack Neutron can use an incorrect ID during policy enforcement Moderate
CVE-2024-53916 was published for neutron (pip) Nov 25, 2024
bottarocarlo Credited to bottarocarlo
Apache Tomcat - Authentication Bypass Critical
CVE-2024-52316 was published for org.apache.tomcat:tomcat-catalina (Maven) Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database