GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals High
CVE-2026-34065 was published for nimiq-primitives (Rust) Apr 22, 2026
Credited to 1seal and paberr
uutils coreutils has an Unchecked Return Value Issue Low
CVE-2026-35344 was published for coreutils (Rust) Apr 22, 2026
Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload Moderate
CVE-2026-29905 was published for getkirby/cms (Composer) Mar 27, 2026 withdrawn
Credited to 0x5t4l1n and lukasbestle
ImageMagick has uninitialized pointer dereference in JBIG decoder High
CVE-2026-28691 was published for Magick.NET-Q16-AnyCPU (NuGet) Mar 12, 2026
Credited to zerojackyi
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest High
CVE-2026-31830 was published for sigstore (RubyGems) Mar 11, 2026
Credited to hanazuki
Nokogiri does not check the return value from xmlC14NExecute Moderate
GHSA-wx95-c6cv-8532 was published for nokogiri (RubyGems) Feb 18, 2026
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
Credited to sixcolors
ecrecover can return undefined data if signature does not verify Moderate
CVE-2023-37902 was published for vyper (pip) Jul 25, 2023
go-merkledag's ProtoNode may be modified such that common method calls may panic High
CVE-2022-23495 was published for github.com/ipfs/go-merkledag (Go) Dec 8, 2022
Credited to mrd0ll4r
Unchecked return value from xmlTextReaderExpand High
CVE-2022-23476 was published for nokogiri (RubyGems) Dec 8, 2022
HashiCorp Consul vulnerable to authorization bypass Moderate
CVE-2022-40716 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
Credited to tdunlap607
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false High
CVE-2022-31170 was published for @openzeppelin/contracts (npm) Jul 21, 2022
Invalid file request can crash server High
CVE-2022-31089 was published for parse-server (npm) Jun 20, 2022
Credited to mtrezza
Unhandled crash in npm posix High
CVE-2022-21211 was published for posix (npm) Jun 11, 2022
Improper privilege handling in Apache Accumulo High
CVE-2020-17533 was published for org.apache.accumulo:accumulo-master (Maven) Feb 9, 2022
Misconfigured IP address field in ROA leads to OctoRPKI crash Moderate
CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Unchecked Return Value in xcb Critical
CVE-2021-26955 was published for xcb (Rust) Aug 25, 2021
Credited to amousset
Unchecked Return Value in xcb High
CVE-2021-26958 was published for xcb (Rust) Aug 25, 2021
Pillow denial of service High
CVE-2021-28675 was published for Pillow (pip) Jun 8, 2021
Undefined behavior in Tensorflow Moderate
CVE-2020-15191 was published for tensorflow (pip) Sep 25, 2020