GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
495 advisories
Filter by severity
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
Moderate
CVE-2026-35339
was published
for
uu_chmod
(Rust)
Jul 6, 2026
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Moderate
CVE-2026-54775
was published
for
CoreWCF.Kafka
(NuGet)
Jun 19, 2026
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
Low
CVE-2026-48524
was published
for
pyjwt
(pip)
Jun 15, 2026
@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
High
CVE-2026-48036
was published
for
@hulumi/drift
(npm)
Jun 10, 2026
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large...
Moderate
Unreviewed
CVE-2023-43686
was published
Jun 9, 2026
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on...
High
Unreviewed
CVE-2026-40371
was published
Jun 9, 2026
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it...
High
Unreviewed
CVE-2026-49232
was published
Jun 8, 2026
Routinator crashes when encountering maliciously crafted RRDP XML files
High
CVE-2026-49235
was published
for
routinator
(Rust)
Jun 8, 2026
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed...
High
Unreviewed
CVE-2026-9516
was published
Jun 3, 2026
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes...
High
Unreviewed
CVE-2026-48961
was published
May 27, 2026
multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
High
CVE-2026-8162
was published
for
multiparty
(npm)
May 18, 2026
Prometheus exporter process crash via malformed HTTP request
High
CVE-2026-44902
was published
for
@opentelemetry/auto-instrumentations-node
(npm)
May 11, 2026
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
High
CVE-2026-44325
was published
for
github.com/free5gc/nrf
(Go)
May 8, 2026
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
High
CVE-2026-44319
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
High
GHSA-fpw6-hrg5-q5x5
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
rpassword affected by partial password reveal when input is interrupted
Low
GHSA-2p6r-x3vv-xqm2
was published
for
rpassword
(Rust)
May 6, 2026
Granian vulnerable to DoS via WSGI response header panic
Moderate
CVE-2026-42545
was published
for
granian
(pip)
May 6, 2026
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
High
CVE-2026-34065
was published
for
nimiq-primitives
(Rust)
Apr 22, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in ...
High
Unreviewed
CVE-2026-23666
was published
Apr 14, 2026
justhtml includes multiple security fixes
Moderate
GHSA-c9vm-hv86-f23r
was published
for
justhtml
(pip)
Apr 10, 2026
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service
Moderate
CVE-2026-40074
was published
for
@sveltejs/kit
(npm)
Apr 10, 2026
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation...
High
Unreviewed
CVE-2026-28542
was published
Mar 5, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate
CVE-2026-27809
was published
for
psd-tools
(pip)
Feb 26, 2026
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
Moderate
CVE-2026-27195
was published
for
wasmtime
(Rust)
Feb 24, 2026
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
High
CVE-2026-27586
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
ProTip!
Advisories are also available from the
GraphQL API