GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,343
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,550
Pub: 12
RubyGems: 1,013
Rust: 1,203
Swift: 51

Unreviewed advisories
All unreviewed: 5,000+
29,332 advisories
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account...
Critical | Unreviewed | CVE-2025-59707 was published Mar 25, 2026

pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter
Critical | CVE-2026-26830 was published for pdf-image (npm) Mar 25, 2026

Two LiteLLM versions published containing credential harvesting malware
Critical | GHSA-5mg7-485q-xm76 was published for litellm (pip) Mar 25, 2026

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4...
Critical | Unreviewed | CVE-2026-28858 was published Mar 25, 2026

A parsing issue in the handling of directory paths was addressed with improved path validation....
Critical | Unreviewed | CVE-2026-28827 was published Mar 25, 2026

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and...
Critical | Unreviewed | CVE-2026-20688 was published Mar 25, 2026

Scriban: Sandbox escape due to TypedObjectAccessor cache bypassing MemberFilter after TemplateContext reuse
Critical | GHSA-5wr9-m6jw-xx44 was published for scriban (NuGet) Mar 24, 2026

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a...
Critical | Unreviewed | CVE-2025-33244 was published Mar 24, 2026

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show...
Critical | Unreviewed | CVE-2026-2417 was published Mar 24, 2026

Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection...
Critical | Unreviewed | CVE-2025-71275 was published Mar 24, 2026

Trivy ecosystem supply chain was briefly compromised
Critical | CVE-2026-33634 was published for aquasecurity/setup-trivy (GitHub Actions) Mar 24, 2026

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149.
Critical | Unreviewed | CVE-2026-4723 was published Mar 24, 2026

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and...
Critical | Unreviewed | CVE-2026-4720 was published Mar 24, 2026

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,...
Critical | Unreviewed | CVE-2026-4721 was published Mar 24, 2026

Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149.
Critical | Unreviewed | CVE-2026-4724 was published Mar 24, 2026

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence...
Critical | Unreviewed | CVE-2026-4729 was published Mar 24, 2026

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability...
Critical | Unreviewed | CVE-2026-4725 was published Mar 24, 2026

JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149...
Critical | Unreviewed | CVE-2026-4702 was published Mar 24, 2026

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This...
Critical | Unreviewed | CVE-2026-4716 was published Mar 24, 2026

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox <...
Critical | Unreviewed | CVE-2026-4715 was published Mar 24, 2026

Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and...
Critical | Unreviewed | CVE-2026-4711 was published Mar 24, 2026

Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149...
Critical | Unreviewed | CVE-2026-4705 was published Mar 24, 2026

Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox <...
Critical | Unreviewed | CVE-2026-4710 was published Mar 24, 2026

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and...
Critical | Unreviewed | CVE-2026-4717 was published Mar 24, 2026

Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149,...
Critical | Unreviewed | CVE-2026-4696 was published Mar 24, 2026
ProTip! Advisories are also available from the GraphQL API.