GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

279 advisories

Step CA affected by an index out of bounds panic in TPM attestation EKU validation Low
CVE-2026-40097 was published for github.com/smallstep/certificates (Go) Apr 10, 2026
Credited to 1seal
Wasmtime: Panic when transcoding misaligned utf-16 strings Moderate
CVE-2026-34942 was published for wasmtime (Rust) Apr 9, 2026
Credited to alexcrichton
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory High
GHSA-32wq-ppwg-3w4m was published for EnhancedLinq.Async (NuGet) Apr 1, 2026
go-git missing validation decoding Index v4 files leads to panic Low
CVE-2026-33762 was published for github.com/go-git/go-git/v5 (Go) Mar 30, 2026
Credited to kq5y
Packetbeat does not properly validate an array index in multiple protocol parser components Moderate
CVE-2026-26933 was published for github.com/elastic/beats/v7 (Go) Mar 19, 2026
Ella Core panics on invalid PDU Session IDs in NGAP messages Moderate
CVE-2026-33281 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
Credited to p1-aji
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode High
CVE-2026-4427 was published for github.com/jackc/pgproto3/v2 (Go) Mar 19, 2026 withdrawn
gosaml2 CBC Padding Panic — Unauthenticated Process Crash High
GHSA-hwqm-qvj9-4jr2 was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
Credited to xclow3n
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS High
CVE-2026-32937 was published for github.com/free5gc/chf (Go) Mar 18, 2026
Credited to LinZiyuu
Denial of service in github.com/jackc/pgproto3/v2 High
CVE-2026-32286 was published for github.com/jackc/pgproto3/v2 (Go) Mar 18, 2026
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun Moderate
CVE-2026-33022 was published for github.com/tektoncd/pipeline (Go) Mar 17, 2026
Credited to 1seal, vdemeester, and afrittoli
idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability High
GHSA-8fh9-c4jq-94h4 was published for idunno.AtProto (NuGet) Mar 13, 2026
Fiber has a Denial of Service Vulnerability via Route Parameter Overflow Moderate
CVE-2026-25882 was published for github.com/gofiber/fiber/v2 (Go) Feb 24, 2026
Credited to sixcolors, TheAspectDev, gaby, and ReneWerner87
cert-manager-controller DoS via Specially Crafted DNS Response Moderate
CVE-2026-25518 was published for github.com/cert-manager/cert-manager (Go) Feb 2, 2026
Credited to 1seal and SgtCoDFish
Metricbeat affected by multiple denial of service vulnerabilities Moderate
CVE-2026-0528 was published for github.com/elastic/beats/v7 (Go) Jan 13, 2026