GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
259 advisories
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
Moderate | CVE-2026-44324 was published for github.com/free5gc/udr (Go) | May 8, 2026

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
Moderate | CVE-2026-44223 was published for vllm (pip) | May 6, 2026

apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
Moderate | CVE-2026-42576 was published for chainguard.dev/apko (Go) | May 4, 2026

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may...
Moderate | Unreviewed | CVE-2021-4456 was published | Feb 27, 2026

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate | CVE-2026-27809 was published for psd-tools (pip) | Feb 26, 2026

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited,...
Critical | Unreviewed | CVE-2025-40541 was published | Feb 24, 2026

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the...
Critical | Unreviewed | CVE-2025-40539 was published | Feb 24, 2026

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the...
Critical | Unreviewed | CVE-2025-40540 was published | Feb 24, 2026

An authorized user may disable the MongoDB server by issuing a query against a collection that...
High | Unreviewed | CVE-2026-25613 was published | Feb 10, 2026

cert-manager-controller DoS via Specially Crafted DNS Response
Moderate | CVE-2026-25518 was published for github.com/cert-manager/cert-manager (Go) | Feb 2, 2026

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in...
Moderate | Unreviewed | CVE-2025-12781 was published | Jan 21, 2026

loggingredactor converts non-string types to string types in logs
Low | CVE-2026-22041 was published for loggingredactor (pip) | Jan 7, 2026

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had...
High | Unreviewed | CVE-2025-13720 was published | Dec 2, 2025

A type confusion vulnerability exists in the handling of the string addition (+) operation within...
High | Unreviewed | CVE-2025-62494 was published | Oct 16, 2025

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid...
High | Unreviewed | CVE-2025-39880 was published | Sep 23, 2025

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a...
Critical | Unreviewed | CVE-2010-20115 was published | Aug 21, 2025

An unauthenticated remote attacker can bypass the login to the web application of the affected...
Critical | Unreviewed | CVE-2025-41648 was published | Jul 1, 2025

An unauthorized remote attacker can bypass the authentication of the affected software package by...
Critical | Unreviewed | CVE-2025-41646 was published | Jun 6, 2025

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type...
Moderate | Unreviewed | CVE-2022-49873 was published | May 1, 2025

In the Linux kernel, the following vulnerability has been resolved: perf/dwc_pcie: fix duplicate...
Moderate | Unreviewed | CVE-2025-37746 was published | May 1, 2025

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
Low | Unreviewed | CVE-2023-35816 was published | Apr 28, 2025

In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing...
Moderate | Unreviewed | CVE-2025-22044 was published | Apr 16, 2025

Memory corruption while processing IOCTL calls.
High | Unreviewed | CVE-2024-43058 was published | Apr 7, 2025

Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Moderate | CVE-2025-1057 was published for keylime (pip) | Feb 14, 2025

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an...
Moderate | Unreviewed | CVE-2025-20072 was published | Jan 16, 2025