GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
495 advisories
Memory corruption while using Strongbox due to missing bounds check.
High | Unreviewed | CVE-2026-25276 was published Jun 2, 2026

Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
High | CVE-2026-46377 was published for github.com/tomwright/dasel/v3 (Go) | May 19, 2026

Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service
High | CVE-2026-45799 was published for com.squareup.wire:wire-runtime (Maven) | May 19, 2026

ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation.
Moderate | CVE-2026-45624 was published for Magick.NET-Q16-AnyCPU (NuGet) | May 18, 2026

ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define
Moderate | CVE-2026-45359 was published for Magick.NET-Q16-AnyCPU (NuGet) | May 18, 2026

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to...
Moderate | Unreviewed | CVE-2023-31309 was published May 15, 2026

gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers
Moderate | CVE-2026-44310 was published for github.com/sigstore/gitsign (Go) | May 8, 2026

vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Moderate | CVE-2026-44222 was published for vllm (pip) | May 5, 2026

Incus Vulnerable to Panic via Snapshot Bounds Check
High | CVE-2026-40251 was published for github.com/lxc/incus/v6/cmd/incusd (Go) | May 4, 2026

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing...
High | Unreviewed | CVE-2026-31776 was published May 1, 2026

In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: Set...
High | Unreviewed | CVE-2026-31764 was published May 1, 2026

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate...
High | Unreviewed | CVE-2026-31729 was published May 1, 2026

GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
High | CVE-2026-41643 was published for github.com/osrg/gobgp/v4 (Go) | Apr 29, 2026

Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
High | CVE-2026-40886 was published for github.com/argoproj/argo-workflows/v3 (Go) | Apr 23, 2026

Missing bounds validation for operator could allow out of range operator-code lookup during...
Moderate | Unreviewed | CVE-2026-6840 was published Apr 22, 2026

Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Low | CVE-2026-40097 was published for github.com/smallstep/certificates (Go) | Apr 10, 2026

Wasmtime: Panic when transcoding misaligned utf-16 strings
Moderate | CVE-2026-34942 was published for wasmtime (Rust) | Apr 9, 2026

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of...
Critical | Unreviewed | CVE-2026-21413 was published Apr 7, 2026

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add...
High | Unreviewed | CVE-2026-23448 was published Apr 3, 2026

In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add...
High | Unreviewed | CVE-2026-23447 was published Apr 3, 2026

EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
High | GHSA-32wq-ppwg-3w4m was published for EnhancedLinq.Async (NuGet) | Apr 1, 2026

go-git missing validation decoding Index v4 files leads to panic
Low | CVE-2026-33762 was published for github.com/go-git/go-git/v5 (Go) | Mar 30, 2026

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct...
High | Unreviewed | CVE-2026-23354 was published Mar 25, 2026

Packetbeat does not properly validate an array index in multiple protocol parser components
Moderate | CVE-2026-26933 was published for github.com/elastic/beats/v7 (Go) | Mar 19, 2026

Ella Core panics on invalid PDU Session IDs in NGAP messages
Moderate | CVE-2026-33281 was published for github.com/ellanetworks/core (Go) | Mar 19, 2026