GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,371 advisories

Fiber has a Denial of Service Vulnerability via Route Parameter Overflow Moderate
CVE-2026-25882 was published for github.com/gofiber/fiber/v2 (Go) Feb 24, 2026
Credited to sixcolors, TheAspectDev, gaby, and ReneWerner87
Caddy is vulnerable to cross-origin config application via local admin API /load Moderate
CVE-2026-27589 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
Credited to 1seal
Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections Moderate
CVE-2026-27585 was published for github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver (Go) Feb 24, 2026
Credited to parrot409
nats-server websockets are vulnerable to pre-auth memory DoS Moderate
CVE-2026-27571 was published for github.com/nats-io/nats-server (Go) Feb 24, 2026
Centrifugo v6.6.0 dependency vulnerabilities Moderate
GHSA-j9wf-6r2x-hqmx was published for github.com/centrifugal/centrifugo/v6 (Go) Feb 19, 2026
Credited to samir-is-here
Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled Moderate
CVE-2026-26963 was published for github.com/cilium/cilium (Go) Feb 19, 2026
Credited to julianwiedmann and smagnani96
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
Credited to kostya-oai, sprt, fidencio, and stevenhorsman
Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints Moderate
CVE-2026-27111 was published for github.com/akuity/kargo (Go) Feb 19, 2026
Credited to b0b0haha and krancour
Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake Moderate
CVE-2026-26315 was published for github.com/ethereum/go-ethereum (Go) Feb 18, 2026
Credited to fengjian
Go Ethereum affected by DoS via malicious p2p message Moderate
CVE-2026-26313 was published for github.com/ethereum/go-ethereum (Go) Feb 18, 2026
Credited to revofusion
Libredesk has a SSRF Vulnerability in Webhooks Moderate
CVE-2026-26957 was published for github.com/abhinavxd/libredesk (Go) Feb 18, 2026
Credited to PlayerIUnknown
Echo has a Windows path traversal via backslash in middleware.Static default filesystem Moderate
CVE-2026-25766 was published for github.com/labstack/echo/v5 (Go) Feb 17, 2026
Credited to shblue21, aldas, and vishr
Unauthenticated File Upload in Gogs Moderate
CVE-2026-25242 was published for gogs.io/gogs (Go) Feb 17, 2026
Gogs has an Authorization Bypass Allows Cross-Repository Label Modification in Gogs Moderate
CVE-2026-25229 was published for gogs.io/gogs (Go) Feb 17, 2026
Credited to spingARbor
Gogs Allows Cross-Repository Comment Deletion via DeleteComment Moderate
CVE-2026-25120 was published for gogs.io/gogs (Go) Feb 17, 2026
Credited to tenbbughunters
Mattermost fails to properly validate team membership when processing channel mentions Moderate
CVE-2025-14350 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
Mattermost fails to sanitize sensitive data in WebSocket messages Moderate
CVE-2025-13821 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
Mattermost fails to properly validate login method restrictions Moderate
CVE-2026-0999 was published for github.com/mattermost/mattermost-server (Go) Feb 16, 2026
Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels Moderate
CVE-2026-0997 was published for github.com/mattermost/mattermost-plugin-zoom (Go) Feb 16, 2026
Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint Moderate
CVE-2026-0998 was published for github.com/mattermost/mattermost-plugin-zoom (Go) Feb 16, 2026
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts Moderate
CVE-2026-22892 was published for github.com/mattermost/mattermost-server (Go) Feb 13, 2026
golang.org/x/net/html has a Quadratic Parsing Complexity issue Moderate
CVE-2025-47911 was published for golang.org/x/net/html (Go) Feb 12, 2026
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map Moderate
CVE-2026-21438 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
webtransport-go: CloseWithError can block indefinitely Moderate
CVE-2026-21435 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule Moderate
CVE-2026-21434 was published for github.com/quic-go/webtransport-go (Go) Feb 12, 2026
ProTip! Advisories are also available from the GraphQL API