
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8,907 advisories

Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress High
GHSA-j7j6-7hfx-5522 was published for waitress (pip) May 24, 2022 withdrawn
File restriction bypass in socket.io-file High
CVE-2020-24807 was published for socket.io-file (npm) Oct 2, 2020
Duplicate Advisory: "Arbitrary code execution in socket.io-file" High
GHSA-r2gr-fhmr-66c5 was published for socket.io-file (npm) May 10, 2021 withdrawn
jaraco.context Has a Path Traversal Vulnerability High
CVE-2026-23949 was published for jaraco.context (pip) Jan 13, 2026
Credited to tsigouris007 and snieguu
Credited to Pradoxzon
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
Credited to jfleming-ic
Orval Mock Generation Code Injection via const High
CVE-2026-24132 was published for @orval/mock (npm) Jan 22, 2026
Credited to k14uz
Class Loading Vulnerability in Artemis High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 9, 2022
Credited to juliuskreutz
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Denial of service in CBOR library High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 21, 2022
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor High
GHSA-hfj8-63c8-rmfw was published for com.upokecenter:cbor (Maven) Jan 19, 2024 withdrawn
Modified package published to npm, containing malware that exfiltrates private key material High
CVE-2024-54134 was published for @solana/web3.js (npm) Dec 4, 2024
Duplicate Advisory: Exposure of sensitive information in ClickHouse High
GHSA-3p77-wg4c-qm24 was published for com.clickhouse:clickhouse-client (Maven) Jan 19, 2024 withdrawn
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares High
CVE-2024-23683 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 21, 2022
Credited to Haspamelodica
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-23rx-79r7-6cpx was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox High
CVE-2024-23681 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 10, 2023
Credited to LDAP
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-c4pg-5ggh-vcpp was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Sentencepiece has a heap overflow issue High
CVE-2026-1260 was published for sentencepiece (pip) Jan 22, 2026
Incus container image templating arbitrary host file read and write High
CVE-2026-23954 was published for github.com/lxc/incus/v6/cmd/incusd (Go) Jan 22, 2026
Credited to rmcnamara-snyk
Incus container environment configuration newline injection High
CVE-2026-23953 was published for github.com/lxc/incus/v6 (Go) Jan 22, 2026
Credited to rmcnamara-snyk
Dragonfly Manager Job API Unauthenticated Access High
CVE-2026-24124 was published for d7y.io/dragonfly/v2 (Go) Jan 22, 2026
Credited to b0b0haha
docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage High
CVE-2026-24009 was published for docling-core (pip) Jan 22, 2026
Credited to avioligo, vagenas, PeterStaar-IBM, dolfim-ibm, and tiran
Soft Serve Affected by an Authentication Bypass High
CVE-2026-24058 was published for github.com/charmbracelet/soft-serve (Go) Jan 21, 2026
Credited to juancabe and aymanbagabas
SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions High
GHSA-3v2x-9xcv-2v2v was published for surrealdb (Rust) Jan 22, 2026
Credited to cure53
Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack High
CVE-2026-24049 was published for wheel (pip) Jan 22, 2026
Credited to kilkat, henryiii, and agronholm
ProTip! Advisories are also available from the GraphQL API