GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
246 advisories
Filter by severity
Concurrent execution using shared resource with improper synchronization ('race condition') in ...
High
Unreviewed
CVE-2026-23666
was published
Apr 14, 2026
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on...
High
Unreviewed
CVE-2026-40371
was published
Jun 9, 2026
Routinator crashes when encountering maliciously crafted RRDP XML files
High
CVE-2026-49235
was published
for
routinator
(Rust)
Jun 8, 2026
@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts
High
CVE-2026-48036
was published
for
@hulumi/drift
(npm)
Jun 10, 2026
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
High
CVE-2026-44325
was published
for
github.com/free5gc/nrf
(Go)
May 8, 2026
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
High
CVE-2026-44319
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
Prometheus exporter process crash via malformed HTTP request
High
CVE-2026-44902
was published
for
@opentelemetry/auto-instrumentations-node
(npm)
May 11, 2026
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it...
High
Unreviewed
CVE-2026-49232
was published
Jun 8, 2026
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed...
High
Unreviewed
CVE-2026-9516
was published
Jun 3, 2026
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl....
High
Unreviewed
CVE-2021-25662
was published
May 24, 2022
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes...
High
Unreviewed
CVE-2026-48961
was published
May 27, 2026
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2...
High
Unreviewed
CVE-2019-6829
was published
May 24, 2022
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon...
High
Unreviewed
CVE-2018-7852
was published
May 24, 2022
multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
High
CVE-2026-8162
was published
for
multiparty
(npm)
May 18, 2026
ech0's acess tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
High
GHSA-fpw6-hrg5-q5x5
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
High
CVE-2026-34065
was published
for
nimiq-primitives
(Rust)
Apr 22, 2026
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what...
High
Unreviewed
CVE-2023-4537
was published
Feb 15, 2024
In apusys, there is a possible memory corruption due to incorrect error handling. This could lead...
High
Unreviewed
CVE-2021-0668
was published
Nov 19, 2021
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation...
High
Unreviewed
CVE-2026-28542
was published
Mar 5, 2026
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
High
CVE-2026-27586
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
LlamaIndex Improper Handling of Exceptional Conditions vulnerability
High
CVE-2024-12704
was published
for
llama-index-core
(pip)
Mar 20, 2025
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper...
High
Unreviewed
CVE-2026-0203
was published
Jan 15, 2026
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE...
High
Unreviewed
CVE-2026-21906
was published
Jan 15, 2026
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be...
High
Unreviewed
CVE-2019-11694
was published
May 24, 2022
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High
CVE-2025-59530
was published
for
github.com/quic-go/quic-go
(Go)
Oct 10, 2025
ProTip!
Advisories are also available from the
GraphQL API