
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

12,164 advisories

Helm dependency management path traversal (Moderate)
CVE-2024-25620 was published for helm.sh/helm/v3 (Go) on Feb 15, 2024
Credited to dominykas

Absolute path traversal vulnerability in digdag server (Moderate)
CVE-2024-25125 was published for io.digdag:digdag-server (Maven) on Feb 14, 2024
Credited to p-

mongo-express Cross-site Request Forgery vulnerability (Moderate)
CVE-2023-52555 was published for mongo-express (npm) on Mar 1, 2024

Magento Open Source allows Uncontrolled Resource Consumption (Moderate)
CVE-2024-20716 was published for magento/community-edition (Composer) on Feb 15, 2024

Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config (Moderate)
CVE-2024-26152 was published for label-studio (pip) on Feb 22, 2024
Credited to isacaya

Magento Open Source allows Cross-Site Request Forgery (CSRF) (Moderate)
CVE-2024-20718 was published for magento/community-edition (Composer) on Feb 15, 2024

Magento LTS vulnerable to stored XSS in admin file form (Moderate)
GHSA-gp6m-fq6h-cjcx was published for openmage/magento-lts (Composer) on Feb 27, 2024
Credited to Judx

Mattermost leaks details of AD/LDAP groups of a teams (Moderate)
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 29, 2024

Mattermost denial of service through long emoji value (Moderate)
CVE-2024-24988 was published for github.com/mattermost/mattermost/server/v8 (Go) on Feb 29, 2024

Cross-site Scripting in Serenity (Moderate)
CVE-2024-26318 was published for @serenity-is/corelib (npm) on Feb 19, 2024

Session Fixation Apache DolphinScheduler (Moderate)
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 20, 2024
Credited to oscerd

Docassemble HTML and javascript injection (Moderate)
CVE-2024-27290 was published for docassemble.webapp (pip) on Feb 29, 2024
Credited to richighimi

Enhavo Cross-site Scripting vulnerability (Moderate)
CVE-2024-25876 was published for enhavo/enhavo-app (Composer) on Feb 22, 2024

Docassemble open redirect (Moderate)
CVE-2024-27291 was published for docassemble.webapp (pip) on Feb 29, 2024
Credited to richighimi

OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS) (Moderate)
CVE-2026-32066 was published for openclaw (npm) on Mar 2, 2026
Credited to Somet2mes and migraine-sudo

OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions (Moderate)
CVE-2026-27646 was published for openclaw (npm) on Mar 9, 2026
Credited to tdjackey

H3: Unbounded Chunked Cookie Count in Session Cleanup Loop may Lead to Denial of Service (Moderate)
GHSA-q5pr-72pq-83v3 was published for h3 (npm) on Mar 23, 2026
Credited to restriction

OpenClaw: system.run wrapper-depth boundary could skip shell approval gating (Moderate)
CVE-2026-27183 was published for openclaw (npm) on Mar 9, 2026
Credited to tdjackey

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation (Moderate)
GHSA-fp4x-ggrf-wmc6 was published for h3 (npm) on Mar 23, 2026
Credited to restriction

Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents (Moderate)
CVE-2026-33486 was published for roadiz/documents (Composer) on Mar 23, 2026
Credited to ROCmertakdag and ambroisemaupate

Rails Active Storage has possible glob injection in its DiskService (Moderate)
CVE-2026-33202 was published for activestorage (RubyGems) on Mar 23, 2026

Rails Active Support has a possible DoS vulnerability in its number helpers (Moderate)
CVE-2026-33176 was published for activesupport (RubyGems) on Mar 23, 2026

Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests (Moderate)
CVE-2026-33174 was published for activestorage (RubyGems) on Mar 23, 2026

Rails Active Storage has possible content type bypass via metadata in direct uploads (Moderate)
CVE-2026-33173 was published for activestorage (RubyGems) on Mar 23, 2026

Rails Active Support has a possible XSS vulnerability in SafeBuffer#% (Moderate)
CVE-2026-33170 was published for activesupport (RubyGems) on Mar 23, 2026