GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
204 advisories
Filter by severity
chmod: recursive mode returns exit code 0 even when some files fail (last-file-wins)
Moderate
CVE-2026-35339
was published
for
uu_chmod
(Rust)
Jul 6, 2026
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Moderate
CVE-2026-54775
was published
for
CoreWCF.Kafka
(NuGet)
Jun 19, 2026
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large...
Moderate
Unreviewed
CVE-2023-43686
was published
Jun 9, 2026
Granian vulnerable to DoS via WSGI response header panic
Moderate
CVE-2026-42545
was published
for
granian
(pip)
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix error path in...
Moderate
Unreviewed
CVE-2024-50001
was published
Oct 21, 2024
justhtml includes multiple security fixes
Moderate
GHSA-c9vm-hv86-f23r
was published
for
justhtml
(pip)
Apr 10, 2026
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service
Moderate
CVE-2026-40074
was published
for
@sveltejs/kit
(npm)
Apr 10, 2026
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle...
Moderate
Unreviewed
CVE-2008-4302
was published
May 2, 2022
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
Moderate
CVE-2026-27195
was published
for
wasmtime
(Rust)
Feb 24, 2026
psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps
Moderate
CVE-2026-27809
was published
for
psd-tools
(pip)
Feb 26, 2026
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Moderate
CVE-2026-25957
was published
for
@cubejs-backend/server-core
(npm)
Feb 10, 2026
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1...
Moderate
Unreviewed
CVE-2026-23762
was published
Jan 22, 2026
RustFS gRPC GetMetrics deserialization panic enables remote DoS
Moderate
CVE-2025-69255
was published
for
rustfs
(Rust)
Jan 7, 2026
Certain instructions need intercepting and emulating by Xen. In some
cases Xen emulates the...
Moderate
Unreviewed
CVE-2025-27465
was published
Jul 16, 2025
In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: prevent the...
Moderate
Unreviewed
CVE-2024-53063
was published
Nov 19, 2024
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory...
Moderate
Unreviewed
CVE-2024-50202
was published
Nov 8, 2024
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: k3-r5: Fix error...
Moderate
Unreviewed
CVE-2024-50176
was published
Nov 8, 2024
In the Linux kernel, the following vulnerability has been resolved:
static_call: Handle module...
Moderate
Unreviewed
CVE-2024-50002
was published
Oct 21, 2024
Improper handling of address deregistration on failure can lead to new GPU address allocation...
Moderate
Unreviewed
CVE-2021-1906
was published
May 24, 2022
Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation.
ACL are...
Moderate
Unreviewed
CVE-2025-4649
was published
May 13, 2025
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on...
Moderate
Unreviewed
CVE-2024-41886
was published
Dec 24, 2024
Tonic has remotely exploitable denial of service vulnerability
Moderate
CVE-2024-47609
was published
for
tonic
(Rust)
Oct 1, 2024
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom...
Moderate
Unreviewed
CVE-2024-12236
was published
Dec 10, 2024
A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All...
Moderate
Unreviewed
CVE-2025-41222
was published
Jul 8, 2025
ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string...
Moderate
Unreviewed
CVE-2019-25043
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API