GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within...
Moderate
Unreviewed
CVE-2026-56021
was published
Jun 18, 2026
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Moderate
CVE-2026-48147
was published
for
@budibase/backend-core
(npm)
Jun 12, 2026
Hono: IP Restriction bypasses static deny rules for non-canonical IPv6
Moderate
CVE-2026-47674
was published
for
hono
(npm)
Jun 4, 2026
Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
Moderate
CVE-2026-45065
was published
for
symfony/routing
(Composer)
May 27, 2026
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching
Moderate
CVE-2026-25542
was published
for
github.com/tektoncd/pipeline
(Go)
Apr 21, 2026
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Moderate
CVE-2026-39350
was published
for
istio.io/istio
(Go)
Apr 16, 2026
league/commonmark has an embed extension allowed_domains bypass
Moderate
CVE-2026-33347
was published
for
league/commonmark
(Composer)
Mar 19, 2026
Fastify's Missing End Anchor in "subtypeNameReg" Allows Malformed Content-Types to Pass Validation
Moderate
CVE-2026-3419
was published
for
fastify
(npm)
Mar 5, 2026
Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Moderate
CVE-2026-25479
was published
for
litestar
(pip)
Feb 9, 2026
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
Moderate
CVE-2026-24398
was published
for
hono
(npm)
Jan 27, 2026
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript,...
Moderate
Unreviewed
CVE-2025-1934
was published
Mar 4, 2025
parse-uri Regular expression Denial of Service (ReDoS)
Moderate
CVE-2024-36751
was published
for
parse-uri
(npm)
Jan 16, 2025
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Moderate
GHSA-mpcw-3j5p-p99x
was published
for
org.openrefine.dependencies:butterfly
(Maven)
Oct 24, 2024
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security...
Moderate
Unreviewed
CVE-2024-6641
was published
Sep 18, 2024
A user authorized to perform database queries may trigger denial of service by issuing specially...
Moderate
Unreviewed
CVE-2020-7929
was published
May 24, 2022
Incorrect default pattern in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2288
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
May 24, 2022
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive...
Moderate
Unreviewed
CVE-2020-1741
was published
May 24, 2022
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST...
Moderate
Unreviewed
CVE-2019-11388
was published
May 24, 2022
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST...
Moderate
Unreviewed
CVE-2019-11389
was published
May 24, 2022
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST...
Moderate
Unreviewed
CVE-2019-11391
was published
May 24, 2022
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST...
Moderate
Unreviewed
CVE-2019-11387
was published
May 24, 2022
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST...
Moderate
Unreviewed
CVE-2019-11390
was published
May 24, 2022
Apache Libcloud vulnerable to certificate impersonation
Moderate
CVE-2012-3446
was published
for
apache-libcloud
(pip)
May 17, 2022
uap-core Regular Expression Denial of Service issue
Moderate
CVE-2018-20164
was published
for
uap-core
(npm)
Mar 6, 2019
Django denial-of-service possibility in urlize and urlizetrunc template filters
Moderate
CVE-2018-7536
was published
for
Django
(pip)
Jan 4, 2019
ProTip!
Advisories are also available from the
GraphQL API