GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
433 advisories
Rand is unsound with a custom logger using rand::rng()
Low | GHSA-cq8v-f236-94qc was published for rand (Rust) | Apr 14, 2026

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function...
Low | Unreviewed | CVE-2026-5473 was published | Apr 3, 2026

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Low | CVE-2026-35038 was published for signalk-server (npm) | Apr 3, 2026

Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber
Low | CVE-2026-34762 was published for github.com/ellanetworks/core (Go) | Apr 1, 2026

A vulnerability exists in the SonicWall Email Security appliance due to improper input...
Low | Unreviewed | CVE-2026-3470 was published | Mar 31, 2026

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall...
Low | Unreviewed | CVE-2026-3469 was published | Mar 31, 2026

Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Low | CVE-2026-33769 was published for astro (npm) | Mar 26, 2026

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject...
Low | Unreviewed | CVE-2025-55270 was published | Mar 26, 2026

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in...
Low | Unreviewed | CVE-2026-3230 was published | Mar 19, 2026

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field...
Low | Unreviewed | CVE-2026-4407 was published | Mar 19, 2026

HCL Sametime is vulnerable to broken server-side validation. While the application performs...
Low | Unreviewed | CVE-2025-31966 was published | Mar 17, 2026

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input....
Low | Unreviewed | CVE-2025-26474 was published | Mar 16, 2026

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even...
Low | Unreviewed | CVE-2025-13462 was published | Mar 12, 2026

org.eclipse.jetty:jetty-http has different parsing of invalid URIs
Low | CVE-2025-11143 was published for org.eclipse.jetty:jetty-http (Maven) | Mar 5, 2026

datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
Low | CVE-2026-2970 was published for datapizza-ai-core (pip) | Feb 23, 2026

funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function
Low | CVE-2026-2898 was published for funadmin/funadmin (Composer) | Feb 22, 2026

Apache Tomcat - Security constraint bypass with HTTP/0.9
Low | CVE-2026-24733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Feb 17, 2026

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function...
Low | Unreviewed | CVE-2026-2555 was published | Feb 16, 2026

Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`
Low | GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) | Feb 12, 2026

qs's arrayLimit bypass in comma parsing allows denial of service
Low | CVE-2026-2391 was published for qs (npm) | Feb 12, 2026

Vulnerability in Wikimedia Foundation DiscussionTools. This issue affects DiscussionTools: from *...
Low | Unreviewed | CVE-2025-61652 was published | Feb 3, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-67484 was published | Feb 3, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-67480 was published | Feb 3, 2026

Logback allows an attacker to instantiate classes already present on the class path
Low | CVE-2026-1225 was published for ch.qos.logback:logback-core (Maven) | Jan 22, 2026

Keycloak has an improper input validation vulnerability
Low | CVE-2026-0976 was published for org.keycloak:keycloak-quarkus-server (Maven) | Jan 15, 2026