GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update
High
CVE-2026-52829
was published
for
zebra-network
(Rust)
Jul 2, 2026
vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution
High
CVE-2026-41523
was published
for
vllm
(pip)
Jun 16, 2026
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
High
CVE-2026-44321
was published
for
github.com/free5gc/smf
(Go)
May 8, 2026
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
High
CVE-2026-44319
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
Kyverno Controller Denial of Service via forEach Mutation Panic
High
CVE-2026-41485
was published
for
github.com/kyverno/kyverno
(Go)
Apr 24, 2026
libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling
High
CVE-2026-34219
was published
for
libp2p-gossipsub
(Rust)
Mar 30, 2026
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
High
CVE-2026-32314
was published
for
yamux
(Rust)
Mar 13, 2026
golang.org/x/crypto/ssh/agent has a potential denial of service
High
CVE-2025-47913
was published
for
golang.org/x/crypto/ssh/agent
(Go)
Nov 14, 2025
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High
CVE-2025-59530
was published
for
github.com/quic-go/quic-go
(Go)
Oct 10, 2025
rPGP Panics on Malformed Untrusted Input
High
CVE-2024-53856
was published
for
pgp
(Rust)
Dec 5, 2024
Denial of Service via reachable assertion
High
CVE-2022-24777
was published
for
github.com/grpc/grpc-swift
(Swift)
Jun 9, 2023
xml-rs vulnerable to denial of service via invalid token in XML document
High
CVE-2023-34411
was published
for
xml-rs
(Rust)
Jun 5, 2023
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
High
CVE-2020-36562
was published
for
github.com/shiyanhui/dht
(Go)
Dec 28, 2022
NLnet Labs Routinator has Reachable Assertion vulnerability
High
CVE-2022-3029
was published
for
routinator
(Rust)
Sep 14, 2022
Reachable Assertion in Tensorflow
High
CVE-2022-23564
was published
for
tensorflow
(pip)
Feb 9, 2022
Assertion failure based denial of service in Tensorflow
High
CVE-2022-21737
was published
for
tensorflow
(pip)
Feb 9, 2022
`CHECK`-fails when building invalid tensor shapes in Tensorflow
High
CVE-2022-23569
was published
for
tensorflow
(pip)
Feb 9, 2022
Reachable Assertion in Tensorflow
High
CVE-2022-23571
was published
for
tensorflow
(pip)
Feb 9, 2022
Crash when type cannot be specialized in Tensorflow
High
CVE-2022-23572
was published
for
tensorflow
(pip)
Feb 9, 2022
Incorrect implementation in streebog
High
CVE-2019-25007
was published
for
streebog
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API