GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
489 advisories
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to...
Moderate • Unreviewed • CVE-2023-31309 was published May 15, 2026
gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers
Moderate • CVE-2026-44310 was published for github.com/sigstore/gitsign (Go) May 8, 2026
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Moderate • CVE-2026-44222 was published for vllm (pip) May 5, 2026
Incus Vulnerable to Panic via Snapshot Bounds Check
High • CVE-2026-40251 was published for github.com/lxc/incus/v6/cmd/incusd (Go) May 4, 2026
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing...
High • Unreviewed • CVE-2026-31776 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: Set...
High • Unreviewed • CVE-2026-31764 was published May 1, 2026
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate...
High • Unreviewed • CVE-2026-31729 was published May 1, 2026
GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
High • CVE-2026-41643 was published for github.com/osrg/gobgp/v4 (Go) Apr 29, 2026
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
High • CVE-2026-40886 was published for github.com/argoproj/argo-workflows/v3 (Go) Apr 23, 2026
Missing bounds validation for operator could allow out of range operator-code lookup during...
Moderate • Unreviewed • CVE-2026-6840 was published Apr 22, 2026
Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Low • CVE-2026-40097 was published for github.com/smallstep/certificates (Go) Apr 10, 2026
Wasmtime: Panic when transcoding misaligned utf-16 strings
Moderate • CVE-2026-34942 was published for wasmtime (Rust) Apr 9, 2026
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of...
Critical • Unreviewed • CVE-2026-21413 was published Apr 7, 2026
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add...
High • Unreviewed • CVE-2026-23447 was published Apr 3, 2026
EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory
High • GHSA-32wq-ppwg-3w4m was published for EnhancedLinq.Async (NuGet) Apr 1, 2026
go-git missing validation decoding Index v4 files leads to panic
Low • CVE-2026-33762 was published for github.com/go-git/go-git/v5 (Go) Mar 30, 2026
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct...
High • Unreviewed • CVE-2026-23354 was published Mar 25, 2026
Packetbeat does not properly validate an array index in multiple protocol parser components
Moderate • CVE-2026-26933 was published for github.com/elastic/beats/v7 (Go) Mar 19, 2026
Ella Core panics on invalid PDU Session IDs in NGAP messages
Moderate • CVE-2026-33281 was published for github.com/ellanetworks/core (Go) Mar 19, 2026
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
High • CVE-2026-4427 was published for github.com/jackc/pgproto3/v2 (Go) Mar 19, 2026 • withdrawn
gosaml2 CBC Padding Panic — Unauthenticated Process Crash
High • GHSA-hwqm-qvj9-4jr2 was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
High • CVE-2026-32937 was published for github.com/free5gc/chf (Go) Mar 18, 2026
Denial of service in github.com/jackc/pgproto3/v2
High • CVE-2026-32286 was published for github.com/jackc/pgproto3/v2 (Go) Mar 18, 2026
github.com/buger/jsonparser has a denial of service vulnerability
High • CVE-2026-32285 was published for github.com/buger/jsonparser (Go) Mar 18, 2026
Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
Moderate • CVE-2026-33022 was published for github.com/tektoncd/pipeline (Go) Mar 17, 2026