GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
131,736 advisories
Filter by severity
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer...
High
Unreviewed
CVE-2026-53689
was published
Jun 10, 2026
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers...
High
Unreviewed
CVE-2026-10130
was published
Jul 19, 2026
A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share`...
High
Unreviewed
CVE-2026-12228
was published
Jul 18, 2026
ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user....
High
Unreviewed
CVE-2026-53994
was published
Jul 18, 2026
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: take...
High
Unreviewed
CVE-2026-46093
was published
May 27, 2026
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix race...
High
Unreviewed
CVE-2026-45945
was published
May 27, 2026
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
High
CVE-2025-71358
was published
for
picklescan
(pip)
Aug 26, 2025
Nest: Middleware Bypass on Fastify via Trailing Slash
High
CVE-2026-54281
was published
for
@nestjs/platform-fastify
(npm)
Jun 15, 2026
SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and...
High
Unreviewed
CVE-2024-58369
was published
Jul 18, 2026
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users...
High
Unreviewed
CVE-2025-71397
was published
Jul 18, 2026
OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core...
High
Unreviewed
CVE-2026-11826
was published
Jul 18, 2026
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor...
High
Unreviewed
CVE-2024-58365
was published
Jul 18, 2026
SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST...
High
Unreviewed
CVE-2024-58368
was published
Jul 18, 2026
SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE,...
High
Unreviewed
CVE-2024-58367
was published
Jul 18, 2026
SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace...
High
Unreviewed
CVE-2025-71395
was published
Jul 18, 2026
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module...
High
Unreviewed
CVE-2025-71391
was published
Jul 18, 2026
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested...
High
Unreviewed
CVE-2024-58370
was published
Jul 18, 2026
SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time()...
High
Unreviewed
CVE-2024-58357
was published
Jul 18, 2026
SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span...
High
Unreviewed
CVE-2024-58364
was published
Jul 18, 2026
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting...
High
Unreviewed
CVE-2024-58359
was published
Jul 18, 2026
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file...
High
Unreviewed
CVE-2026-9147
was published
Jul 18, 2026
SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the...
High
Unreviewed
CVE-2024-58362
was published
Jul 18, 2026
SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT,...
High
Unreviewed
CVE-2023-54366
was published
Jul 18, 2026
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the...
High
Unreviewed
CVE-2024-58361
was published
Jul 18, 2026
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is...
High
Unreviewed
CVE-2026-16095
was published
Jul 18, 2026
ProTip!
Advisories are also available from the
GraphQL API