GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
265 advisories
ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag
High
CVE-2026-8813 was published for exifreader (npm) May 29, 2026
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the...
Low
Unreviewed
CVE-2026-47329 was published May 28, 2026
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm...
Moderate
Unreviewed
CVE-2026-9801 was published May 28, 2026
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this...
Moderate
Unreviewed
CVE-2026-9704 was published May 27, 2026
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by...
Moderate
Unreviewed
CVE-2026-7254 was published May 27, 2026
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux,...
Moderate
Unreviewed
CVE-2026-3676 was published May 27, 2026
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads...
Moderate
Unreviewed
CVE-2026-42744 was published May 27, 2026
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads...
Moderate
Unreviewed
CVE-2026-42732 was published May 27, 2026
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name ...
High
Unreviewed
CVE-2026-42013 was published May 27, 2026
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret...
High
Unreviewed
CVE-2026-5260 was published May 27, 2026
The affected products perform improper length checking when parsing incoming HTTP requests,...
High
Unreviewed
CVE-2026-8047 was published May 26, 2026
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU...
Moderate
Unreviewed
CVE-2025-15645 was published May 20, 2026
iskorotkov/avro: CPU Exhaustion in Decoder
High
CVE-2026-46385 was published for github.com/iskorotkov/avro/v2 (Go) May 18, 2026
iskorotkov/avro: Integer Overflow in Decoder
High
CVE-2026-46384 was published for github.com/iskorotkov/avro/v2 (Go) May 18, 2026
iskorotkov/avro: Denial-of-Service Vulnerability in Decoder
High
GHSA-mx64-mj3q-7prj was published for github.com/iskorotkov/avro/v2 (Go) May 18, 2026
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a...
Low
Unreviewed
CVE-2026-0428 was published May 15, 2026
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a...
Low
Unreviewed
CVE-2025-66660 was published May 15, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18...
High
Unreviewed
CVE-2025-14869 was published May 14, 2026
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
High
CVE-2026-44635 was published for kysely (npm) May 11, 2026
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Moderate
GHSA-88q9-cmp2-c2vq was published for OxidizePdf.NET (NuGet) May 11, 2026
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Low
CVE-2026-44459 was published for hono (npm) May 9, 2026
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an...
High
Unreviewed
CVE-2026-25863 was published May 4, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes...
Moderate
Unreviewed
CVE-2025-14688 was published May 1, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes...
Moderate
Unreviewed
CVE-2026-1577 was published May 1, 2026
An authorization flaw in the user management command could allow an authenticated user to make...
Moderate
Unreviewed
CVE-2026-6915 was published Apr 29, 2026