Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI Moderate
CVE-2026-29049 was published for chainguard.dev/melange (Go) Mar 2, 2026
1seal Credited to 1seal, antitree, and 89luca89 antitree antitree
89luca89 89luca89
melange pipeline working-directory could allow command injection High
CVE-2026-24844 was published for chainguard.dev/melange (Go) Feb 3, 2026
1seal Credited to 1seal, antitree, egibs, 89luca89, and eslerm antitree antitree
egibs egibs 89luca89 89luca89 eslerm eslerm
melange QEMU runner could write files outside workspace directory High
CVE-2026-24843 was published for chainguard.dev/melange (Go) Feb 3, 2026
1seal Credited to 1seal, antitree, egibs, 89luca89, and eslerm antitree antitree
egibs egibs 89luca89 89luca89 eslerm eslerm
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database