GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,296
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
167 advisories
Filter by severity
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the...
High
Unreviewed
CVE-2026-58380
was published
Jul 6, 2026
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
High
Unreviewed
CVE-2026-12413
was published
Jul 3, 2026
UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used...
Low
Unreviewed
CVE-2026-44042
was published
Jul 1, 2026
UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB...
High
Unreviewed
CVE-2026-7831
was published
Jul 1, 2026
A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list...
High
Unreviewed
CVE-2026-58014
was published
Jun 30, 2026
In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link...
Moderate
Unreviewed
CVE-2026-58374
was published
Jun 30, 2026
In the Linux kernel, the following vulnerability has been resolved:
tty: hvc_iucv: fix off-by...
Moderate
Unreviewed
CVE-2026-53306
was published
Jun 26, 2026
In the Linux kernel, the following vulnerability has been resolved:
ocfs2/dlm: fix off-by-one in...
Critical
Unreviewed
CVE-2026-53309
was published
Jun 26, 2026
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in...
High
Unreviewed
CVE-2026-56790
was published
Jun 25, 2026
RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3...
Moderate
Unreviewed
CVE-2026-56787
was published
Jun 25, 2026
In the Linux kernel, the following vulnerability has been resolved:
6lowpan: fix off-by-one in...
Moderate
Unreviewed
CVE-2026-53263
was published
Jun 25, 2026
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
Moderate
CVE-2026-52804
was published
for
gogs.io/gogs
(Go)
Jun 23, 2026
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow...
Moderate
Unreviewed
CVE-2026-8357
was published
Jun 15, 2026
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header()...
High
Unreviewed
CVE-2026-54410
was published
Jun 14, 2026
In the Linux kernel, the following vulnerability has been resolved:
media: rockchip: rkcif: fix...
High
Unreviewed
CVE-2026-52907
was published
Jun 9, 2026
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability...
High
Unreviewed
CVE-2026-49127
was published
May 28, 2026
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix num_ops off-by-one...
Moderate
Unreviewed
CVE-2026-46066
was published
May 27, 2026
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check....
Moderate
Unreviewed
CVE-2026-42015
was published
May 27, 2026
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix
Moderate
GHSA-jqq5-8px3-9m6m
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 21, 2026
An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent...
Moderate
Unreviewed
CVE-2026-44065
was published
May 21, 2026
ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.
Moderate
CVE-2026-46559
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
ImageMagick: Out-of-Bounds Read of a single byte in meta encoder
Moderate
CVE-2026-45358
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 18, 2026
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE...
Low
Unreviewed
CVE-2026-44603
was published
May 7, 2026
Velocidex Velociraptor has an off-by-one error
Moderate
CVE-2026-7572
was published
for
www.velocidex.com/golang/velociraptor
(Go)
May 6, 2026
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over...
Low
Unreviewed
CVE-2026-43964
was published
May 4, 2026
ProTip!
Advisories are also available from the
GraphQL API