Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,153
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,451
Pub
12
RubyGems
991
Rust
1,179
Swift
50
Unreviewed advisories
All unreviewed
5,000+

152,087 advisories

Loading
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09... Moderate Unreviewed
CVE-2025-69653 was published Mar 6, 2026
A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature... Moderate Unreviewed
CVE-2025-70128 was published Mar 10, 2026
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2026-3582 was published Mar 10, 2026
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer... Moderate Unreviewed
CVE-2025-14242 was published Jan 14, 2026
A flaw was found in mirror-registry where an authenticated user can trick the system into... Moderate Unreviewed
CVE-2026-2376 was published Mar 12, 2026
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This... Moderate Unreviewed
CVE-2026-3497 was published Mar 12, 2026
Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure... Moderate Unreviewed
CVE-2025-13913 was published Mar 12, 2026
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a... Moderate Unreviewed
CVE-2026-3306 was published Mar 10, 2026
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0... Moderate Unreviewed
CVE-2026-24640 was published Mar 10, 2026
There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products.... Moderate Unreviewed
CVE-2025-66315 was published Jan 9, 2026
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings Moderate
CVE-2026-32320 was published for github.com/ellanetworks/core (Go) Mar 12, 2026
p1-aji Credited to p1-aji
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction Moderate
CVE-2026-29066 was published for @tinacms/cli (npm) Mar 12, 2026
alaeddine03 Credited to alaeddine03
ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS Moderate
CVE-2023-1289 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Im10n Credited to Im10n
Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS Moderate
GHSA-gv85-xg33-553c was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 23, 2023 withdrawn
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check Moderate
CVE-2026-31860 was published for unhead (npm) Mar 12, 2026
simonkoeck Credited to simonkoeck
@tinacms/graphql has a Path Traversal issue Moderate
CVE-2026-24125 was published for @tinacms/graphql (npm) Mar 12, 2026
Python-Markdown has an Uncaught Exception Moderate
CVE-2025-69534 was published for Markdown (pip) Mar 5, 2026
Hyperterse: Raw exposure of database statements in MCP search tool Moderate
CVE-2026-31841 was published for hyperterse (npm) Mar 12, 2026
BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key... Moderate Unreviewed
CVE-2025-45809 was published Jul 3, 2025
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of... Moderate Unreviewed
CVE-2026-4044 was published Mar 12, 2026
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file... Moderate Unreviewed
CVE-2026-4045 was published Mar 12, 2026
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+,... Moderate Unreviewed
CVE-2026-28256 was published Mar 12, 2026
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could... Moderate Unreviewed
CVE-2026-28254 was published Mar 12, 2026
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU ... Moderate Unreviewed
CVE-2025-14831 was published Feb 9, 2026
Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication Moderate
CVE-2026-2808 was published for github.com/hashicorp/consul (Go) Mar 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database