Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
47
Go
3,295
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,524
Pub
12
RubyGems
1,008
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints Critical
CVE-2026-25579 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
yunfachi Credited to yunfachi
Samly access control vulnerability Critical
CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024
Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
GHSA-jpgg-cp2x-qrw3 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022 withdrawn
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX Critical
CVE-2022-0671 was published for org.eclipse.lemminx:lemminx-parent (Maven) Feb 19, 2022
Security Advisory for "Log4Shell" Critical
GHSA-v57x-gxfj-484q was published for com.hazelcast.jet:hazelcast-jet (Maven) Jan 21, 2022
frant-hartm Credited to frant-hartm
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library Critical
GHSA-3qpm-h9ch-px3c was published for org.powernukkit:powernukkit (Maven) Jan 6, 2022
LoboMetalurgico Credited to LoboMetalurgico and PleaseInsertNameHere PleaseInsertNameHere PleaseInsertNameHere
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
ppkarwasz Credited to ppkarwasz
Websocket requests did not call AuthenticateMethod Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Jun 23, 2021
Prototype Pollution in asciitable.js Critical
CVE-2020-7771 was published for asciitable.js (npm) Apr 13, 2021
tdunlap607 Credited to tdunlap607
Prototype pollution in dotty Critical
CVE-2021-25912 was published for dotty (npm) Feb 5, 2021
Uncontrolled Resource Consumption in Indy Node Critical
CVE-2020-11090 was published for indy-node (pip) Jun 11, 2020
Prototype Pollution in deeply Critical
CVE-2019-10750 was published for deeply (npm) Aug 27, 2019
Prototype Pollution in node.extend Critical
CVE-2018-16491 was published for node.extend (npm) Feb 7, 2019
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
Prototype Pollution in defaults-deep Critical
CVE-2018-16486 was published for defaults-deep (npm) Feb 7, 2019
Denial of Service in memjs Critical
CVE-2018-3767 was published for memjs (npm) Oct 10, 2018
Denial of Service in https-proxy-agent Critical
CVE-2018-3739 was published for https-proxy-agent (npm) Jul 27, 2018
kurt-r2c Credited to kurt-r2c
bson is vulnerable to denial of service due to incorrect regex validation Critical
CVE-2015-4412 was published for bson (RubyGems) Mar 5, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database