Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
442
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering Moderate
CVE-2026-40302 was published for github.com/openziti/zrok (Go) Apr 16, 2026
bugbunny-research Credited to bugbunny-research
Heimdall: Path received via Envoy gRPC corrupted when containing query string High
CVE-2026-32811 was published for github.com/dadrus/heimdall (Go) Mar 18, 2026
Kakadus Credited to Kakadus
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module Moderate
CVE-2026-27116 was published for code.vikunja.io/api (Go) Feb 25, 2026
sudo0xksh Credited to sudo0xksh
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
bastianwegge Credited to bastianwegge, sixcolors, gaby, ReneWerner87, and efectn sixcolors sixcolors
gaby gaby ReneWerner87 ReneWerner87 efectn efectn
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database