GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
333 advisories
Filter by severity
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9301
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9299
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
omec-project amf Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
Low
CVE-2026-9300
was published
for
github.com/omec-project/amf
(Go)
May 26, 2026
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Low
CVE-2026-46668
was published
for
github.com/authzed/spicedb
(Go)
May 21, 2026
androidqf: APK download Path Traversal in device APK paths
Low
GHSA-763j-3p5v-jfc6
was published
for
github.com/mvt-project/androidqf
(Go)
May 21, 2026
androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)
Low
GHSA-jf2q-463c-6f52
was published
for
github.com/mvt-project/androidqf
(Go)
May 21, 2026
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Low
GHSA-pxh5-6rrc-8rjv
was published
for
github.com/opentofu/opentofu
(Go)
May 20, 2026
GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Low
CVE-2026-45803
was published
for
github.com/cli/cli
(Go)
May 19, 2026
MCP Registry: OCI validator skips ownership check on upstream rate limits
Low
CVE-2026-45781
was published
for
github.com/modelcontextprotocol/registry
(Go)
May 19, 2026
go-git: Improper single-quote escaping in go-git SSH transport
Low
CVE-2026-45570
was published
for
github.com/go-git/go-git
(Go)
May 19, 2026
OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
Low
CVE-2026-45683
was published
for
go.opentelemetry.io/obi
(Go)
May 18, 2026
Mattermost doesn't check if {{team_id}} was being changed when updating playbooks
Low
CVE-2026-4286
was published
for
github.com/mattermost/mattermost-plugin-playbooks
(Go)
May 18, 2026
Mattermost doesn't validate the Host header when constructing response URLs for custom slash command
Low
CVE-2026-6333
was published
for
github.com/mattermost/mattermost-server
(Go)
May 18, 2026
Mattermost doesn't escape some variables that could contain malicious content during error page composition
Low
CVE-2026-3495
was published
for
github.com/mattermost/mattermost-server
(Go)
May 18, 2026
Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
Low
CVE-2026-6334
was published
for
github.com/mattermost/mattermost-server
(Go)
May 18, 2026
Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation
Low
CVE-2026-4273
was published
for
github.com/mattermost/mattermost-server
(Go)
May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release
Low
CVE-2026-8783
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release
Low
CVE-2026-8782
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
AMF Vulnerable to Improper Resource Shutdown or Release
Low
CVE-2026-8781
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
Low
CVE-2026-8780
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
Low
CVE-2026-8779
was published
for
github.com/omec-project/amf
(Go)
May 18, 2026
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields
Low
CVE-2026-4053
was published
for
github.com/mattermost/mattermost-server
(Go)
May 15, 2026
omec-project amf crashes when processing malformed LocationReports
Low
CVE-2026-8349
was published
for
github.com/omec-project/amf
(Go)
May 12, 2026
Ella Core has handover failures during concurrent Security Mode Command
Low
CVE-2026-44474
was published
for
github.com/ellanetworks/core
(Go)
May 11, 2026
bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go
Low
CVE-2026-8276
was published
for
github.com/bettercap/bettercap/v2
(Go)
May 11, 2026
ProTip!
Advisories are also available from the
GraphQL API