GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
netfoil has a domain name filter bypass via multiple questions
Moderate
GHSA-59qp-cfj3-rp64
was published
for
github.com/tinfoil-factory/netfoil
(Go)
Jul 7, 2026
Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing
High
CVE-2026-48788
was published
for
github.com/umputun/remark42
(Go)
Jun 26, 2026
Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters
Moderate
CVE-2026-30246
was published
for
github.com/gofiber/fiber/v3
(Go)
Apr 28, 2026
Heimdall has an authorization bypass via path normalization mismatch
High
CVE-2026-42274
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Heimdall: Case-sensitive host matching may lead to policy bypass
High
CVE-2026-42273
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation
High
CVE-2026-42272
was published
for
github.com/dadrus/heimdall
(Go)
Apr 25, 2026
Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk
High
GHSA-q382-vc8q-7jhj
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Mar 19, 2026
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
High
CVE-2026-27896
was published
for
github.com/modelcontextprotocol/go-sdk
(Go)
Feb 26, 2026
Path Normalization Bypass in Traefik Router + Middleware Rules
Moderate
CVE-2025-66490
was published
for
github.com/traefik/traefik
(Go)
Dec 8, 2025
RatPanel can perform remote command execution without authorization
High
CVE-2025-53534
was published
for
github.com/tnborg/panel
(Go)
Aug 4, 2025
Git LFS permits exfiltration of credentials via crafted HTTP URLs
High
CVE-2024-53263
was published
for
github.com/git-lfs/git-lfs
(Go)
Jan 14, 2025
Gateway API route matching order contradicts specification
Moderate
CVE-2024-42487
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Broken Authorization in ZITADEL Actions
High
CVE-2022-36051
was published
for
github.com/zitadel/zitadel
(Go)
Aug 30, 2022
Ethereum Contains Consensus Flaw During Block Processing
Moderate
CVE-2021-39137
was published
for
github.com/ethereum/go-ethereum
(Go)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API