GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
11,813 advisories
Filter by severity
Open Babel has uninitialized pointer dereference in MSI atom parser
High
CVE-2022-44451
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has out-of-bounds write in MOL2 attribute/value parser
High
CVE-2022-43607
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has out-of-bounds write in PQS coord_file parser
High
CVE-2022-43467
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has uninitialized pointer dereference in GRO residue parser
High
CVE-2022-42885
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has out-of-bounds write in CSR PadString (title field)
High
CVE-2022-41793
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has out-of-bounds write in Gaussian coords_type orientation parser
High
CVE-2022-37331
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies
High
CVE-2025-10997
was published
for
openbabel
(pip)
Jul 1, 2026
Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles
High
CVE-2025-10996
was published
for
openbabel
(pip)
Jun 30, 2026
Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage
High
CVE-2026-49478
was published
for
github.com/sigstore/fulcio
(Go)
Jun 30, 2026
@adonisjs/bodyparser has an incomplete fix for CVE-2026-25754
High
CVE-2026-48795
was published
for
@adonisjs/bodyparser
(npm)
Jun 30, 2026
Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
High
CVE-2026-49824
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook
High
CVE-2026-49823
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance
High
CVE-2026-49822
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
High
CVE-2026-49821
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
Fission: MessageQueueTrigger scaler manager materializes Secret values into Deployment envvars and accepts arbitrary user PodSpec
High
GHSA-7m8x-qg2j-4m3v
was published
for
github.com/fission/fission
(Go)
Jun 30, 2026
@cedar-policy/authorization-for-expressjs has an authorization bypass via query string manipulation
High
CVE-2026-49473
was published
for
@cedar-policy/authorization-for-expressjs
(npm)
Jun 30, 2026
Kahi has privilege-drop and socket/log permission issues
High
GHSA-55f6-4pr5-c7m5
was published
for
github.com/kahiteam/kahi
(Go)
Jun 30, 2026
Paymenter has URL parameter injection that bypasses paid plan limits at checkout
High
CVE-2026-47198
was published
for
paymenter/paymenter
(Composer)
Jun 30, 2026
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
High
CVE-2026-49451
was published
for
Microsoft.OpenAPI
(NuGet)
Jun 30, 2026
Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query
High
CVE-2026-44840
was published
for
github.com/dgraph-io/dgraph/v25
(Go)
Jun 29, 2026
OpenAM OAuth Client Impersonation via JWKS Resolver Cache
High
CVE-2026-47426
was published
for
org.openidentityplatform.openam:openam-oauth2
(Maven)
Jun 29, 2026
OpenAM Authenticated RCE via Groovy Sandbox Escape
High
CVE-2026-47424
was published
for
org.openidentityplatform.openam:openam-scripting
(Maven)
Jun 29, 2026
pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
High
GHSA-qrv3-253h-g69c
was published
for
pnpm
(npm)
Jun 27, 2026
pnpm: `patch-remove` could delete project-selected files outside the patches directory
High
GHSA-72r4-9c5j-mj57
was published
for
pnpm
(npm)
Jun 27, 2026
pnpm: Hoisted install imports lockfile alias outside node_modules
High
GHSA-fr4h-3cph-29xv
was published
for
pnpm
(npm)
Jun 27, 2026
ProTip!
Advisories are also available from the
GraphQL API