GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
176 advisories
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server...
High | Unreviewed | CVE-2026-24175 was published Apr 7, 2026

Go JOSE Panics in JWE decryption
High | CVE-2026-34986 was published for github.com/go-jose/go-jose (Go) Apr 3, 2026

Haraka affected by DoS via `__proto__` email header
High | CVE-2026-34752 was published for Haraka (npm) Apr 1, 2026

free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
High | CVE-2026-33191 was published for github.com/free5gc/udm (Go) Mar 18, 2026

SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
High | CVE-2026-33203 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 18, 2026

Parse Server LiveQuery subscription with invalid regular expression crashes server
Moderate | CVE-2026-32770 was published for parse-server (npm) Mar 17, 2026

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation
High | CVE-2026-2229 was published for undici (npm) Mar 13, 2026

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
High | CVE-2026-1528 was published for undici (npm) Mar 13, 2026

Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
High | CVE-2026-32314 was published for yamux (Rust) Mar 13, 2026

Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing
High | CVE-2026-31812 was published for quinn-proto (Rust) Mar 11, 2026

Python-Markdown has an Uncaught Exception
Moderate | CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026

Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that...
Moderate | Unreviewed | CVE-2026-20068 was published Mar 4, 2026

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an...
Moderate | Unreviewed | CVE-2026-20031 was published Mar 4, 2026

Vikunja has Path Traversal in CLI Restore
High | CVE-2026-27819 was published for code.vikunja.io/api (Go) Feb 26, 2026

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated...
High | Unreviewed | CVE-2026-1507 was published Feb 10, 2026

Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before...
Moderate | Unreviewed | CVE-2025-24851 was published Feb 10, 2026

Emmett-Core: Unhandled CookieError Exception Causing Denial of Service
High | CVE-2026-25577 was published for emmett-core (pip) Feb 10, 2026

A server-side injection was possible for a malicious admin to manipulate the application to...
Moderate | Unreviewed | CVE-2025-13064 was published Feb 10, 2026

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic
Low | GHSA-vhvq-fv9f-wh4q was published for github.com/authzed/spicedb (Go) Feb 6, 2026

fast-xml-parser has RangeError DoS Numeric Entities Bug
High | CVE-2026-25128 was published for fast-xml-parser (npm) Jan 30, 2026

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded"...
Moderate | Unreviewed | CVE-2025-59466 was published Jan 20, 2026

SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
High | CVE-2025-67647 was published for @sveltejs/adapter-node (npm) Jan 15, 2026

robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Moderate | CVE-2025-66578 was published for robrichards/xmlseclibs (Composer) Dec 8, 2025

In Modem, there is a possible system crash due to an uncaught exception. This could lead to...
Moderate | Unreviewed | CVE-2025-20758 was published Dec 2, 2025

In Modem, there is a possible system crash due to an uncaught exception. This could lead to...
Moderate | Unreviewed | CVE-2025-20753 was published Dec 2, 2025

ProTip! Advisories are also available from the GraphQL API