GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,193
Erlang: 25
GitHub Actions: 39
Go: 2,385
Maven: 3,027
npm: 3,078
NuGet: 529
pip: 2,897
Pub: 5
RubyGems: 442
Rust: 905
Swift: 20
Unreviewed advisories
All unreviewed: 5,000+
77 advisories
uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID...
Low
Unreviewed
CVE-2026-41988 was published on Apr 23, 2026
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a...
Low
Unreviewed
CVE-2026-35343 was published on Apr 22, 2026
KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a...
Moderate
Unreviewed
CVE-2026-41527 was published on Apr 22, 2026
A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text...
Moderate
Unreviewed
CVE-2026-6608 was published on Apr 20, 2026
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least...
High
Unreviewed
CVE-2026-40960 was published on Apr 16, 2026
Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache
Moderate
GHSA-xmj9-7625-f634 was published for dev.dsf:dsf-bpe-process-api-v2 (Maven) on Apr 15, 2026
Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose...
High
Unreviewed
CVE-2026-40719 was published on Apr 15, 2026
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow...
Moderate
Unreviewed
CVE-2026-40394 was published on Apr 12, 2026
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after...
Moderate
Unreviewed
CVE-2026-40396 was published on Apr 12, 2026
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can...
High
Unreviewed
CVE-2026-40200 was published on Apr 10, 2026
Wasmtime has host panic when Winch compiler executes `table.fill`
Moderate
CVE-2026-34946 was published for wasmtime (Rust) on Apr 9, 2026
OpenClaw: Endpoint persists after trust decline, leaking gateway credentials
Moderate
CVE-2026-41300 was published for openclaw (npm) on Apr 3, 2026
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios...
Moderate
Unreviewed
CVE-2026-35414 was published on Apr 2, 2026
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in...
Low
Unreviewed
CVE-2026-35387 was published on Apr 2, 2026
A bug in POST request handling causes a crash under a certain condition. This issue affects...
High
Unreviewed
CVE-2025-58136 was published on Apr 2, 2026
Nest Fastify HEAD Request Middleware Bypass
High
CVE-2026-33011 was published for @nestjs/platform-fastify (npm) on Mar 17, 2026
Cosmos EVM: incorrect state handling during nested EVM execution paths
Critical
GHSA-54gx-3cgr-7mfm was published for github.com/cosmos/evm (Go) on Mar 11, 2026
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation...
High
Unreviewed
CVE-2026-1874 was published on Mar 3, 2026
The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide
High
CVE-2026-26267 was published for soroban-sdk-macros (Rust) on Feb 17, 2026
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause...
Low
Unreviewed
CVE-2025-33199 was published on Nov 25, 2025
SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session...
High
Unreviewed
CVE-2025-32942 was published on Oct 2, 2025
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix list...
Moderate
Unreviewed
CVE-2022-49393 was published on Sep 22, 2025
A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS...
Critical
Unreviewed
CVE-2025-43359 was published on Sep 16, 2025
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Prevent...
Moderate
Unreviewed
CVE-2025-38291 was published on Jul 10, 2025
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports...
High
Unreviewed
CVE-2025-49091 was published on Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API.