GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25,567 advisories

Use after free in libpulse-binding Moderate
CVE-2018-25001 was published for libpulse-binding (Rust) Feb 3, 2024
Duplicate Advisory: Use after free in libpulse-binding Moderate
GHSA-6gvc-4jvj-pwq4 was published for libpulse-binding (Rust) Aug 30, 2021 withdrawn
HTTP Request Smuggling: Content-Length Sent Twice in Waitress Critical
CVE-2019-16792 was published for waitress (pip) Dec 20, 2019
Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress High
GHSA-j7j6-7hfx-5522 was published for waitress (pip) May 24, 2022 withdrawn
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide Moderate
CVE-2025-22234 was published for org.springframework.security:spring-security-core (Maven) Jan 22, 2026
Metricbeat affected by multiple denial of service vulnerabilities Moderate
CVE-2026-0528 was published for github.com/elastic/beats/v7 (Go) Jan 13, 2026
Container and Containerization archive extraction does not guard against escapes from extraction base directory. Low
CVE-2026-20613 was published for github.com/apple/container (Swift) Jan 22, 2026
Credited to LLfam
File restriction bypass in socket.io-file High
CVE-2020-24807 was published for socket.io-file (npm) Oct 2, 2020
Duplicate Advisory: "Arbitrary code execution in socket.io-file" High
GHSA-r2gr-fhmr-66c5 was published for socket.io-file (npm) May 10, 2021 withdrawn
jaraco.context Has a Path Traversal Vulnerability High
CVE-2026-23949 was published for jaraco.context (pip) Jan 13, 2026
Credited to tsigouris007 and snieguu
Credited to Pradoxzon
Prototype Pollution in extend Moderate
CVE-2018-16492 was published for extend (npm) Feb 7, 2019
Credited to ljharb
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query Moderate
CVE-2025-31125 was published for vite (npm) Mar 31, 2025
Credited to Iuhsssss
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
Credited to jfleming-ic
sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal Moderate
CVE-2026-24137 was published for github.com/sigstore/sigstore (Go) Jan 22, 2026
Credited to 1seal
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue Low
GHSA-jp3q-wwp3-pwv9 was published for solspace/craft-freeform (Composer) Jan 22, 2026
Credited to Prav33N-Sec
Orval Mock Generation Code Injection via const High
CVE-2026-24132 was published for @orval/mock (npm) Jan 22, 2026
Credited to k14uz
Moonraker affected by LDAP search filter injection Low
CVE-2026-24130 was published for moonraker (pip) Jan 22, 2026
Credited to solovvway
Class Loading Vulnerability in Artemis High
CVE-2024-23682 was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Feb 9, 2022
Credited to juliuskreutz
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox High
GHSA-hj55-9jmv-9jrj was published for de.tum.in.ase:artemis-java-test-sandbox (Maven) Jan 19, 2024 withdrawn
Denial of service in CBOR library High
CVE-2024-23684 was published for com.upokecenter:cbor (Maven) Jan 21, 2022
Duplicate Advisory: Inefficient Algorithmic Complexity in com.upokecenter:cbor High
GHSA-hfj8-63c8-rmfw was published for com.upokecenter:cbor (Maven) Jan 19, 2024 withdrawn
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-gvc7-gjrw-hj65 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024 withdrawn
Credited to oscerd
com.enonic.xp:lib-auth vulnerable to Session Fixation Critical
CVE-2024-23679 was published for com.enonic.xp:lib-auth (Maven) Oct 12, 2022
ProTip! Advisories are also available from the GraphQL API