Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening Critical
GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) May 6, 2026
openssl-encrypt: TOTP rate limiter is in-memory only — not shared across workers, lost on restart Critical
GHSA-h45m-mgcp-q388 was published for openssl-encrypt (pip) Mar 31, 2026
Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints Critical
CVE-2026-25579 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
yunfachi Credited to yunfachi
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads Critical
CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025
ixunio Credited to ixunio
Namada-apps allows Excessive Computation in Mempool Validation Critical
GHSA-f8qm-hmm3-fv7f was published for namada-apps (Rust) Feb 20, 2025
feliam Credited to feliam
Namada-apps can Crash with Excessive Computation in Mempool Validation Critical
GHSA-82vg-5v4f-f9wq was published for namada-apps (Rust) Feb 20, 2025
feliam Credited to feliam
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service Critical
CVE-2024-32874 was published for frigate (pip) May 9, 2024
Sim4n6 Credited to Sim4n6
Duplicate Advisory: EVE Freely Allocates Buffer on The Stack With Data From Socket Critical
GHSA-vpjr-h6fh-mw4p was published for github.com/lf-edge/eve (Go) Sep 21, 2023 withdrawn
Missing rate limit on rdiffweb Critical
CVE-2022-3439 was published for rdiffweb (pip) Oct 14, 2022
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning Critical
CVE-2019-15753 was published for os-vif (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database