Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,227
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,502
Pub
12
RubyGems
995
Rust
1,187
Swift
51
Unreviewed advisories
All unreviewed
5,000+

1,178 advisories

Loading
Unsigned SAML LogoutRequest Acceptance in gosaml2 High
GHSA-pcgw-qcv5-h8ch was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
gosaml2 CBC Padding Panic — Unauthenticated Process Crash High
GHSA-hwqm-qvj9-4jr2 was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
validateSignature Loop Variable Capture Signature Bypass in goxmldsig High
GHSA-479m-364c-43vc was published for github.com/russellhaering/goxmldsig (Go) Mar 18, 2026
tomasilluminati Credited to tomasilluminati
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques High
CVE-2026-33192 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error High
CVE-2026-33191 was published for github.com/free5gc/udm (Go) Mar 18, 2026
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass High
CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026
mith36 Credited to mith36
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference High
CVE-2026-33064 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion High
CVE-2026-33063 was published for github.com/free5gc/ausf (Go) Mar 18, 2026
free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter High
CVE-2026-33062 was published for github.com/free5gc/nrf (Go) Mar 18, 2026
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS High
CVE-2026-32937 was published for github.com/free5gc/chf (Go) Mar 18, 2026
LinZiyuu Credited to LinZiyuu
Heimdall: Path received via Envoy gRPC corrupted when containing query string High
CVE-2026-32811 was published for github.com/dadrus/heimdall (Go) Mar 18, 2026
Kakadus Credited to Kakadus
Denial of service in github.com/jackc/pgproto3/v2 High
GHSA-jqcq-xjh3-6g23 was published for github.com/jackc/pgproto3/v2 (Go) Mar 18, 2026
Denial of service in github.com/buger/jsonparser High
GHSA-6g7g-w4f8-9c9x was published for github.com/buger/jsonparser (Go) Mar 18, 2026
Denial of service in github.com/shamaton/msgpack High
GHSA-h9q6-hc68-35rp was published for github.com/shamaton/msgpack/v2 (Go) Mar 18, 2026
Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS High
CVE-2026-32254 was published for github.com/cloudnativelabs/kube-router/v2 (Go) Mar 17, 2026
b0b0haha Credited to b0b0haha and j311yl0v3u j311yl0v3u j311yl0v3u
Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace High
CVE-2026-32769 was published for github.com/ctfer-io/fullchain (Go) Mar 16, 2026
ViRb3 Credited to ViRb3
Romeo is vulnerable to Archive Slip due to missing checks in sanitization High
CVE-2026-32805 was published for github.com/ctfer-io/romeo/webserver (Go) Mar 16, 2026
tanishqshah2 Credited to tanishqshah2
Monitoring is vulnerable to Archive Slip due to missing checks in sanitization High
CVE-2026-32771 was published for github.com/ctfer-io/monitoring (Go) Mar 16, 2026
tanishqshah2 Credited to tanishqshah2
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace High
CVE-2026-32737 was published for github.com/ctfer-io/romeo/environment/deploy (Go) Mar 16, 2026
ViRb3 Credited to ViRb3
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace High
CVE-2026-32768 was published for github.com/ctfer-io/chall-manager/deploy (Go) Mar 16, 2026
ViRb3 Credited to ViRb3
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write High
CVE-2026-32749 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 16, 2026
fg0x0 Credited to fg0x0
GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute High
CVE-2026-30405 was published for github.com/osrg/gobgp/v4 (Go) Mar 16, 2026
IncusOS has a LUKS encryption bypass due to insufficient TPM policy High
CVE-2026-32606 was published for github.com/lxc/incus-os/incus-osd (Go) Mar 16, 2026
Mattermost fails to properly handle very long passwords High
CVE-2026-24458 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control High
CVE-2026-32720 was published for github.com/ctfer-io/monitoring (Go) Mar 13, 2026
ViRb3 Credited to ViRb3
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database