Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect Low
CVE-2022-31151 was published for undici (npm) Jul 21, 2022
Haxatron Credited to Haxatron
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package Low
GHSA-mgr7-5782-6jh9 was published for Umbraco.Headless.Client.Net (NuGet) Jan 13, 2025
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type... Low Unreviewed
CVE-2026-3634 was published Mar 17, 2026
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the ... Low Unreviewed
CVE-2026-3633 was published Mar 17, 2026
Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter Low
GHSA-c7w3-x93f-qmm8 was published for nodemailer (npm) Mar 26, 2026
esquilichi Credited to esquilichi
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib... Low Unreviewed
CVE-2026-43969 was published May 11, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database