GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 48
Go: 3,361
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,554
Pub: 12
RubyGems: 1,013
Rust: 1,205
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
101 advisories
Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint
Moderate • CVE-2026-34388 was published for github.com/fleetdm/fleet/v4 (Go) • Mar 30, 2026

2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error...
Moderate • Unreviewed • CVE-2025-59787 was published • Mar 4, 2026

malcontent: Nested archive extraction failure can drop content from scan inputs
Moderate • CVE-2026-28407 was published for github.com/chainguard-dev/malcontent (Go) • Feb 28, 2026

rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895
High • GHSA-7587-4wv6-m68m was published for pgp (Rust) • Feb 13, 2026

An inconsistent user interface issue was addressed with improved state management. This issue is...
Moderate • Unreviewed • CVE-2026-20640 was published • Feb 12, 2026

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP...
Moderate • Unreviewed • CVE-2026-1996 was published • Feb 10, 2026

Emmett-Core: Unhandled CookieError Exception Causing Denial of Service
High • CVE-2026-25577 was published for emmett-core (pip) • Feb 10, 2026

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass...
High • Unreviewed • CVE-2025-70758 was published • Feb 3, 2026

Decidim's private data exports can lead to data leaks
High • CVE-2025-65017 was published for decidim (RubyGems) • Feb 3, 2026

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived
High • GHSA-c32p-wcqj-j677 was published for github.com/cometbft/cometbft (Go) • Jan 23, 2026

rsa crate has potential panic on a prime being equal to 1
Low • CVE-2026-21895 was published for rsa (Rust) • Jan 6, 2026

Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion
Moderate • GHSA-46j5-6fg5-4gv3 was published for nodemailer (npm) • Dec 18, 2025 • withdrawn

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
High • CVE-2025-14874 was published for nodemailer (npm) • Dec 1, 2025

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects...
Critical • Unreviewed • CVE-2025-13021 was published • Nov 11, 2025

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects...
Critical • Unreviewed • CVE-2025-13022 was published • Nov 11, 2025

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This...
Critical • Unreviewed • CVE-2025-13023 was published • Nov 11, 2025

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This...
Critical • Unreviewed • CVE-2025-13026 was published • Nov 11, 2025

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability...
High • Unreviewed • CVE-2025-13016 was published • Nov 11, 2025

KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Moderate • CVE-2025-64435 was published for kubevirt.io/kubevirt (Go) • Nov 6, 2025

Under undisclosed traffic conditions along with conditions beyond the attacker's control,...
High • Unreviewed • CVE-2025-58153 was published • Oct 15, 2025

A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore...
Moderate • Unreviewed • CVE-2025-11594 was published • Oct 11, 2025

Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
High • CVE-2025-59538 was published for github.com/argoproj/argo-cd/v2 (Go) • Sep 30, 2025

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload
High • CVE-2025-59531 was published for github.com/argoproj/argo-cd (Go) • Sep 30, 2025

TinyEnv: Missing .env file not required — may cause unexpected behavior
Moderate • CVE-2025-58758 was published for datahihi1/tiny-env (Composer) • Sep 9, 2025

In Permission Manager, there is a possible way for the microphone privacy indicator to remain...
Low • Unreviewed • CVE-2025-26461 was published • Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API