GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
61 advisories
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25...
High | Unreviewed | CVE-2026-6442 was published Apr 16, 2026

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow...
High | Unreviewed | CVE-2026-40198 was published Apr 11, 2026

An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used...
High | Unreviewed | CVE-2026-33778 was published Apr 10, 2026

Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Moderate | CVE-2026-34835 was published for rack (RubyGems) Apr 2, 2026

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could...
Moderate | Unreviewed | CVE-2026-20114 was published Mar 25, 2026

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one...
Moderate | Unreviewed | CVE-2025-13995 was published Mar 19, 2026

A flaw was found in libsoup, a library used by applications to send network requests. This...
Low | Unreviewed | CVE-2026-3632 was published Mar 17, 2026

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows...
Moderate | Unreviewed | CVE-2025-59785 was published Mar 4, 2026

uv has ZIP payload obfuscation through parsing differentials
Moderate | CVE-2025-13327 was published for uv (Rust) Feb 27, 2026

FacturaScripts has SQL Injection in API ORDER BY Clause
High | CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026

Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an...
Moderate | Unreviewed | CVE-2026-0663 was published Jan 21, 2026

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering...
High | Unreviewed | CVE-2026-21917 was published Jan 15, 2026

Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Moderate | CVE-2025-67492 was published for Weblate (pip) Dec 15, 2025

A low privileged remote attacker can corrupt the webserver users storage on the device by setting...
High | Unreviewed | CVE-2025-41719 was published Oct 22, 2025

Amazon.IonDotnet is vulnerable to Denial of Service attacks
High | CVE-2025-11573 was published for Amazon.IonDotnet (NuGet) Oct 9, 2025

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a...
Moderate | Unreviewed | CVE-2025-36262 was published Sep 30, 2025

github.com/nyaruka/phonenumbers Vulnerable to Improper Validation of Syntactic Correctness of Input
Moderate | CVE-2025-10954 was published for github.com/nyaruka/phonenumbers (Go) Sep 27, 2025

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an...
Moderate | Unreviewed | CVE-2025-25007 was published Aug 12, 2025

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability
High | CVE-2025-22868 was published for golang.org/x/oauth2 (Go) Jul 18, 2025

An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language ...
High | Unreviewed | CVE-2024-51982 was published Jun 26, 2025

An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can...
High | Unreviewed | CVE-2024-51983 was published Jun 26, 2025

Denial of service due to improper handling of malformed input. The following products are...
High | Unreviewed | CVE-2025-30415 was published Jun 4, 2025

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS...
Moderate | Unreviewed | CVE-2025-24348 was published Apr 30, 2025

A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS...
Moderate | Unreviewed | CVE-2025-24347 was published Apr 30, 2025

A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote...
Moderate | Unreviewed | CVE-2025-24345 was published Apr 30, 2025