GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 42
GitHub Actions: 43
Go: 3,153
Maven: 5,000+
npm: 5,000+
NuGet: 861
pip: 4,451
Pub: 12
RubyGems: 991
Rust: 1,179
Swift: 50
Unreviewed advisories
All unreviewed: 5,000+
152,087 advisories
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09...
Moderate | Unreviewed | CVE-2025-69653 was published Mar 6, 2026

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature...
Moderate | Unreviewed | CVE-2025-70128 was published Mar 10, 2026

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2026-3582 was published Mar 10, 2026

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer...
Moderate | Unreviewed | CVE-2025-14242 was published Jan 14, 2026

A flaw was found in mirror-registry where an authenticated user can trick the system into...
Moderate | Unreviewed | CVE-2026-2376 was published Mar 12, 2026

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This...
Moderate | Unreviewed | CVE-2026-3497 was published Mar 12, 2026

Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure...
Moderate | Unreviewed | CVE-2025-13913 was published Mar 12, 2026

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a...
Moderate | Unreviewed | CVE-2026-3306 was published Mar 10, 2026

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0...
Moderate | Unreviewed | CVE-2026-24640 was published Mar 10, 2026

There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products....
Moderate | Unreviewed | CVE-2025-66315 was published Jan 9, 2026

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings
Moderate | CVE-2026-32320 was published for github.com/ellanetworks/core (Go) Mar 12, 2026

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Moderate | CVE-2026-29066 was published for @tinacms/cli (npm) Mar 12, 2026

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate | CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026

Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Moderate | GHSA-gv85-xg33-553c was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 23, 2023 • withdrawn

Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Moderate | CVE-2026-31860 was published for unhead (npm) Mar 12, 2026

@tinacms/graphql has a Path Traversal issue
Moderate | CVE-2026-24125 was published for @tinacms/graphql (npm) Mar 12, 2026

Python-Markdown has an Uncaught Exception
Moderate | CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026

Hyperterse: Raw exposure of database statements in MCP search tool
Moderate | CVE-2026-31841 was published for hyperterse (npm) Mar 12, 2026

BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key...
Moderate | Unreviewed | CVE-2025-45809 was published Jul 3, 2025

A vulnerability was detected in projectsend up to r1945. This affects the function realpath of...
Moderate | Unreviewed | CVE-2026-4044 was published Mar 12, 2026

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file...
Moderate | Unreviewed | CVE-2026-4045 was published Mar 12, 2026

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+,...
Moderate | Unreviewed | CVE-2026-28256 was published Mar 12, 2026

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could...
Moderate | Unreviewed | CVE-2026-28254 was published Mar 12, 2026

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU ...
Moderate | Unreviewed | CVE-2025-14831 was published Feb 9, 2026

Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication
Moderate | CVE-2026-2808 was published for github.com/hashicorp/consul (Go) Mar 12, 2026
ProTip! Advisories are also available from the GraphQL API