Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed High
CVE-2026-27586 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
moscowchill Credited to moscowchill
quic-go: Panic occurs when queuing undecryptable packets after handshake completion High
CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) Oct 10, 2025
rsukhodolskyi Credited to rsukhodolskyi
Cosmos SDK: x/group can halt when erroring in EndBlocker High
GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025
Babylon vulnerable to chain half when transaction has fees different than `ubbn` High
GHSA-56j4-446m-qrf6 was published for github.com/babylonlabs-io/babylon (Go) Jun 30, 2025
github.com/nats-io/nats-server Import token permissions checking not enforced High
GHSA-j756-f273-xhp4 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
Traefik vulnerable to denial of service with Content-length header High
CVE-2024-28869 was published for github.com/traefik/traefik (Go) Apr 12, 2024
Prajithp Credited to Prajithp
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang Credited to oliverchang
Traefik HTTP/2 connections management could cause a denial of service High
CVE-2022-39271 was published for github.com/traefik/traefik/v2 (Go) Oct 10, 2022
Ory fosite contains Improper Handling of Exceptional Conditions High
CVE-2020-15223 was published for github.com/ory/fosite (Go) May 24, 2021
jclebreton Credited to jclebreton
go-merkledag's ProtoNode may be modified such that common method calls may panic High
CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) Dec 8, 2022
mrd0ll4r Credited to mrd0ll4r
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database