GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,175
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
118 advisories
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special...
Unknown | Unreviewed | CVE-2026-55276 was published Jun 29, 2026

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant...
Unknown | Unreviewed | CVE-2026-53404 was published Jun 29, 2026

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices...
Moderate | Unreviewed | CVE-2026-56307 was published Jun 20, 2026

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in...
Moderate | Unreviewed | CVE-2026-12321 was published Jun 16, 2026

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic...
High | Unreviewed | CVE-2026-48844 was published May 26, 2026

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco...
Moderate | Unreviewed | CVE-2026-20171 was published May 20, 2026

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
Low | Unreviewed | CVE-2026-44928 was published May 8, 2026

ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction
Low | GHSA-28xx-pppm-vqff was published for github.com/ydb-platform/ydb-go-sdk/v3 (Go) Apr 30, 2026

Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
Low | GHSA-qmq6-f8pr-cx5x was published for uuid (npm) Apr 23, 2026 • withdrawn

uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation
Low | CVE-2026-35343 was published for coreutils (Rust) Apr 22, 2026

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a...
Moderate | Unreviewed | CVE-2026-41527 was published Apr 22, 2026

FastChat has a Content Moderation Bypass via Arena Side-by-Side Views
Moderate | CVE-2026-6608 was published for fschat (pip) Apr 20, 2026

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least...
High | Unreviewed | CVE-2026-40960 was published Apr 16, 2026

Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache
Moderate | CVE-2026-40942 was published for dev.dsf:dsf-bpe-process-api-v2 (Maven) Apr 15, 2026

Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose...
High | Unreviewed | CVE-2026-40719 was published Apr 15, 2026

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after...
Moderate | Unreviewed | CVE-2026-40396 was published Apr 12, 2026

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow...
Moderate | Unreviewed | CVE-2026-40394 was published Apr 12, 2026

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can...
High | Unreviewed | CVE-2026-40200 was published Apr 10, 2026

Wasmtime has host panic when Winch compiler executes `table.fill`
Moderate | CVE-2026-34946 was published for wasmtime (Rust) Apr 9, 2026

OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
Moderate | CVE-2026-41300 was published for openclaw (npm) Apr 3, 2026

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios...
Moderate | Unreviewed | CVE-2026-35414 was published Apr 2, 2026

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in...
Low | Unreviewed | CVE-2026-35387 was published Apr 2, 2026

A bug in POST request handling causes a crash under a certain condition. This issue affects...
High | Unreviewed | CVE-2025-58136 was published Apr 2, 2026

Nest Fastify HEAD Request Middleware Bypass
High | CVE-2026-33011 was published for @nestjs/platform-fastify (npm) Mar 17, 2026

Cosmos EVM: incorrect state handling during nested EVM execution paths
Critical | GHSA-54gx-3cgr-7mfm was published for github.com/cosmos/evm (Go) Mar 11, 2026