Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,791
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,349
Swift
54
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Prometheus exporter process crash via malformed HTTP request High
CVE-2026-44902 was published for @opentelemetry/auto-instrumentations-node (npm) May 11, 2026
homanp Credited to homanp, pichlermarc, and arminru pichlermarc pichlermarc
arminru arminru
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types High
CVE-2026-44325 was published for github.com/free5gc/nrf (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri) High
CVE-2026-44319 was published for github.com/free5gc/nef (Go) May 8, 2026
LinZiyuu Credited to LinZiyuu
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI High
GHSA-fpw6-hrg5-q5x5 was published for github.com/lin-snow/Ech0 (Go) May 7, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
rpassword affected by partial password reveal when input is interrupted Low
GHSA-2p6r-x3vv-xqm2 was published for rpassword (Rust) May 6, 2026
DevLaTron Credited to DevLaTron and squell squell squell
Granian vulnerable to DoS via WSGI response header panic Moderate
CVE-2026-42545 was published for granian (pip) May 6, 2026
Z-Bra0 Credited to Z-Bra0
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
1seal Credited to 1seal and paberr paberr paberr
justhtml includes multiple security fixes Moderate
GHSA-c9vm-hv86-f23r was published for justhtml (pip) Apr 10, 2026
EmilStenstrom Credited to EmilStenstrom
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service Moderate
CVE-2026-40074 was published for @sveltejs/kit (npm) Apr 10, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps Moderate
CVE-2026-27809 was published for psd-tools (pip) Feb 26, 2026
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future Moderate
CVE-2026-27195 was published for wasmtime (Rust) Feb 24, 2026
dicej Credited to dicej
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed High
CVE-2026-27586 was published for github.com/caddyserver/caddy/v2 (Go) Feb 24, 2026
moscowchill Credited to moscowchill
Cube Core is vulnerable to Denial of Service (DoS) via crafted request Moderate
CVE-2026-25957 was published for @cubejs-backend/server-core (npm) Feb 10, 2026
ovr Credited to ovr
RustFS gRPC GetMetrics deserialization panic enables remote DoS Moderate
CVE-2025-69255 was published for rustfs (Rust) Jan 7, 2026
max-r-b Credited to max-r-b and enitmar enitmar enitmar
matrix-sdk-base denial of service via custom m.room.join_rules event values Low
CVE-2025-66622 was published for matrix-sdk-base (Rust) Dec 8, 2025
Wasmtime vulnerable to segfault when using component resources Low
CVE-2025-62711 was published for wasmtime (Rust) Oct 27, 2025
alexcrichton Credited to alexcrichton
quic-go: Panic occurs when queuing undecryptable packets after handshake completion High
CVE-2025-59530 was published for github.com/quic-go/quic-go (Go) Oct 10, 2025
rsukhodolskyi Credited to rsukhodolskyi
Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
GHSA-4vr7-g93g-cf6m was published for picklescan (pip) Sep 17, 2025 withdrawn
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Volto affected by possible DoS by invoking specific URL by anonymous user High
CVE-2025-58047 was published for @plone/volto (npm) Aug 28, 2025
Babylon vulnerable to chain half when transaction has fees different than `ubbn` High
GHSA-56j4-446m-qrf6 was published for github.com/babylonlabs-io/babylon (Go) Jun 30, 2025
React Router allows a DoS via cache poisoning by forcing SPA mode High
CVE-2025-43864 was published for react-router (npm) Apr 24, 2025
cold-try Credited to cold-try
LlamaIndex Improper Handling of Exceptional Conditions vulnerability High
CVE-2024-12704 was published for llama-index-core (pip) Mar 20, 2025
fossilet Credited to fossilet
Cosmos SDK: x/group can halt when erroring in EndBlocker High
GHSA-47ww-ff84-4jrg was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2025
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database