Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,931
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,382
Swift
56
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source... Moderate Unreviewed
CVE-2026-47316 was published May 19, 2026
XiangShan (Open-source high-performance RISC-V processor) commit... High Unreviewed
CVE-2026-29643 was published Apr 21, 2026
The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS... High Unreviewed
CVE-2024-27832 was published Jun 10, 2024
Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint Moderate
CVE-2026-34388 was published for github.com/fleetdm/fleet/v4 (Go) Mar 30, 2026
fuzzztf Credited to fuzzztf
CometBFT allows a malicious peer to make node stuck in blocksync Moderate
CVE-2025-24371 was published for github.com/cometbft/cometbft (Go) Feb 3, 2025
unknownfeature Credited to unknownfeature
2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error... Moderate Unreviewed
CVE-2025-59787 was published Mar 4, 2026
malcontent: Nested archive extraction failure can drop content from scan inputs Moderate
CVE-2026-28407 was published for github.com/chainguard-dev/malcontent (Go) Feb 28, 2026
1seal Credited to 1seal and egibs egibs egibs
CometBFT has inconsistencies between how commit signatures are verified and how block time is derived High
GHSA-c32p-wcqj-j677 was published for github.com/cometbft/cometbft (Go) Jan 23, 2026
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP... Moderate Unreviewed
CVE-2026-1996 was published Feb 10, 2026
An inconsistent user interface issue was addressed with improved state management. This issue is... Moderate Unreviewed
CVE-2026-20640 was published Feb 12, 2026
rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895 High
GHSA-7587-4wv6-m68m was published for pgp (Rust) Feb 13, 2026
invd Credited to invd
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls High
CVE-2025-14874 was published for nodemailer (npm) Dec 1, 2025
uko3211 Credited to uko3211
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass... High Unreviewed
CVE-2025-70758 was published Feb 3, 2026
Emmett-Core: Unhandled CookieError Exception Causing Denial of Service High
CVE-2026-25577 was published for emmett-core (pip) Feb 10, 2026
Ryu-GeonWoo Credited to Ryu-GeonWoo
Decidim's private data exports can lead to data leaks High
CVE-2025-65017 was published for decidim (RubyGems) Feb 3, 2026
ahukkanen Credited to ahukkanen
Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion Moderate
GHSA-46j5-6fg5-4gv3 was published for nodemailer (npm) Dec 18, 2025 withdrawn
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding... Moderate Unreviewed
CVE-2024-21593 was published Apr 12, 2024
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release... Moderate Unreviewed
CVE-2021-25370 was published May 24, 2022
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds... High Unreviewed
CVE-2021-25372 was published May 24, 2022
rsa crate has potential panic on a prime being equal to 1 Low
CVE-2026-21895 was published for rsa (Rust) Jan 6, 2026
invd Credited to invd
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability... High Unreviewed
CVE-2025-13016 was published Nov 11, 2025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects... Critical Unreviewed
CVE-2025-13021 was published Nov 11, 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This... Critical Unreviewed
CVE-2025-13026 was published Nov 11, 2025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects... Critical Unreviewed
CVE-2025-13022 was published Nov 11, 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This... Critical Unreviewed
CVE-2025-13023 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database