GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
499 advisories
Filter by severity
daphne: WebSocket handshake header smuggling through autobahn splitlines() mishandling of non-standard line separators
Low
CVE-2026-44546
was published
for
daphne
(pip)
Jun 3, 2026
Code Index MCP is vulnerable to Uncontrolled Resource Consumption
Low
CVE-2026-10692
was published
for
code-index-mcp
(pip)
Jun 3, 2026
hermes-agent has an Injection issue
Low
CVE-2026-10222
was published
for
hermes-agent
(pip)
Jun 1, 2026
Apache Airflow has an Incorrect Authorization issue
Low
CVE-2026-45426
was published
for
apache-airflow
(pip)
Jun 1, 2026
Apache Airflow has an Improper Authorization issue
Low
CVE-2026-40963
was published
for
apache-airflow
(pip)
Jun 1, 2026
FoundationAgents MetaGPT: Deserialization through flawed argument mapping via Message.check_instruct_content()
Low
CVE-2026-10566
was published
for
metagpt
(pip)
Jun 2, 2026
SGLang: Reachable Assertion via lora_path in LoRAManager enables remote Denial of Dervice
Low
CVE-2026-10300
was published
for
sglang
(pip)
Jun 2, 2026
AstrBot: Manipulation of astr_main_agent's session_id parameter leads to authorization bypass
Low
CVE-2026-10212
was published
for
AstrBot
(pip)
Jun 1, 2026
Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint
Low
CVE-2026-10177
was published
for
aider-chat
(pip)
May 31, 2026
Aider is vulnerable to Code Injection via editor_coder.run function
Low
CVE-2026-10175
was published
for
aider-chat
(pip)
May 31, 2026
Kiwi TCMS vulnerable to stored XSS via JavaScript: URI in extra_link field (TestPlan & TestCase)
Low
CVE-2026-55630
was published
for
kiwitcms
(pip)
Jul 6, 2026
Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases
Low
CVE-2026-53759
was published
for
linuxfabrik-lib
(pip)
Jul 6, 2026
Kiwi TCMS's /init-db/ page renders and responds to requests after first use
Low
CVE-2026-49292
was published
for
kiwitcms
(pip)
Jul 2, 2026
pretix vulnerable to Authorization Bypass Through User-Controlled Key
Low
CVE-2026-9712
was published
for
pretix
(pip)
May 27, 2026
Duplicate Advisory: Open Babel has out-of-bounds read in PQS lowerit (pre-buffer read)
Low
GHSA-7x26-54jj-cvhr
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Duplicate Advisory: Open Babel has NULL pointer dereference in CACAO CacaoFormat::SetHilderbrandt
Low
GHSA-62mq-grc2-53j3
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines
Low
CVE-2025-10998
was published
for
openbabel
(pip)
Jul 1, 2026
Duplicate Advisory: Open Babel has NULL pointer dereference in ChemKinFormat::ReadReactionQualifierLines
Low
GHSA-hvp2-4h2f-26w4
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Duplicate Advisory: Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies
Low
GHSA-95gx-jmhp-5p29
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Duplicate Advisory: Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles
Low
GHSA-9p6c-jcw8-x98f
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow
Low
CVE-2025-10995
was published
for
openbabel
(pip)
Jun 30, 2026
Duplicate Advisory: Open Babel has out-of-bounds write (overlapping memcpy) in zipstream basic_unzip_streambuf::underflow
Low
GHSA-5gfq-xrq4-34rj
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule
Low
CVE-2025-10994
was published
for
openbabel
(pip)
Jun 30, 2026
Duplicate Advisory: Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule
Low
GHSA-5fgf-q57f-wwqf
was published
for
openbabel
(pip)
Sep 26, 2025
•
withdrawn
Open Babel has a NULL pointer dereference in CDXML OBAtom::GetExplicitValence
Low
CVE-2026-3408
was published
for
openbabel
(pip)
Jun 30, 2026
ProTip!
Advisories are also available from the
GraphQL API