Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,193
Erlang
25
GitHub Actions
39
Go
2,385
Maven
3,027
npm
3,078
NuGet
529
pip
2,897
Pub
5
RubyGems
444
Rust
905
Swift
20
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Moderate
CVE-2026-34715 was published for ewe (Erlang) Apr 1, 2026
athuljayaram Credited to athuljayaram
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate
CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026
Permissive List of Allowed Inputs in ewe Moderate
CVE-2026-32881 was published for ewe (Erlang) Mar 16, 2026
jtdowney Credited to jtdowney
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD Credited to eternal-flame-AD
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel Credited to zachdaniel, jimsynz, maennchen, barnabasJ, and sevenseacat jimsynz jimsynz
maennchen maennchen barnabasJ barnabasJ sevenseacat sevenseacat
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang Credited to wilburyang, zachdaniel, and jimsynz zachdaniel zachdaniel
jimsynz jimsynz
erlang-jose vulnerable to denial of service via large p2c value Moderate
CVE-2023-50966 was published for jose (Erlang) Mar 19, 2024
maennchen Credited to maennchen
phoenix_html allows Cross-site Scripting in HEEx class attributes Moderate
CVE-2021-46871 was published for phoenix_html (Erlang) Jan 10, 2023
Permissive parameters and privilege escalation Moderate
CVE-2018-20301 was published for coherence (Erlang) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database