GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
474 advisories
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation...
High • Unreviewed • CVE-2026-28542 was published • Mar 5, 2026

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate • CVE-2026-27809 was published for psd-tools (pip) • Feb 26, 2026

Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
Moderate • CVE-2026-27195 was published for wasmtime (Rust) • Feb 24, 2026

Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
High • CVE-2026-27586 was published for github.com/caddyserver/caddy/v2 (Go) • Feb 24, 2026

Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Moderate • CVE-2026-25957 was published for @cubejs-backend/server-core (npm) • Feb 10, 2026

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1...
Moderate • Unreviewed • CVE-2026-23762 was published • Jan 22, 2026

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE...
High • Unreviewed • CVE-2026-21906 was published • Jan 15, 2026

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper...
High • Unreviewed • CVE-2026-0203 was published • Jan 15, 2026

RustFS gRPC GetMetrics deserialization panic enables remote DoS
Moderate • CVE-2025-69255 was published for rustfs (Rust) • Jan 7, 2026

matrix-sdk-base denial of service via custom m.room.join_rules event values
Low • CVE-2025-66622 was published for matrix-sdk-base (Rust) • Dec 8, 2025

Wasmtime vulnerable to segfault when using component resources
Low • CVE-2025-62711 was published for wasmtime (Rust) • Oct 27, 2025

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated...
High • Unreviewed • CVE-2025-53702 was published • Oct 23, 2025

A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the...
High • Unreviewed • CVE-2025-9437 was published • Oct 14, 2025

quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High • CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) • Oct 10, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application include Windows...
High • Unreviewed • CVE-2025-34193 was published • Sep 19, 2025

Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Critical • GHSA-4vr7-g93g-cf6m was published for picklescan (pip) • Sep 17, 2025 • withdrawn

Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Critical • CVE-2025-10156 was published for picklescan (pip) • Sep 10, 2025

A security issue exists in the protected mode of EN4TR devices, where sending specifically...
High • Unreviewed • CVE-2025-8008 was published • Sep 9, 2025

Volto affected by possible DoS by invoking specific URL by anonymous user
High • CVE-2025-58047 was published for @plone/volto (npm) • Aug 28, 2025

Vulnerability of improper processing of abnormal conditions in huge page separation. Impact:...
High • Unreviewed • CVE-2025-54634 was published • Aug 6, 2025

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the...
Moderate • Unreviewed • CVE-2025-27465 was published • Jul 16, 2025

An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF)...
High • Unreviewed • CVE-2025-52948 was published • Jul 11, 2025

An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper...
High • Unreviewed • CVE-2025-52947 was published • Jul 11, 2025

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All...
Moderate • Unreviewed • CVE-2025-41222 was published • Jul 8, 2025

Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
High • GHSA-56j4-446m-qrf6 was published for github.com/babylonlabs-io/babylon (Go) • Jun 30, 2025