GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
309 advisories
Filter by severity
A malicious actor with access to the network and under certain conditions could exploit an...
High
Unreviewed
CVE-2026-54409
was published
Jul 2, 2026
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Moderate
CVE-2026-54777
was published
for
CoreWCF.NetNamedPipe
(NuGet)
Jun 19, 2026
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation...
Moderate
Unreviewed
CVE-2026-12539
was published
Jun 18, 2026
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Moderate
GHSA-cmwh-pvxp-8882
was published
for
dompurify
(npm)
Jun 18, 2026
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Low
CVE-2026-54279
was published
for
aiohttp
(pip)
Jun 15, 2026
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal...
Moderate
Unreviewed
CVE-2025-35991
was published
May 12, 2026
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High
GHSA-f5v8-v6q3-q4h6
was published
for
Meridian.Mapping
(NuGet)
Apr 16, 2026
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that...
High
Unreviewed
CVE-2026-0940
was published
Mar 11, 2026
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for...
High
Unreviewed
CVE-2025-66363
was published
Mar 3, 2026
filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Low
CVE-2026-26958
was published
for
filippo.io/edwards25519
(Go)
Feb 18, 2026
Missing Checks in certain functions related to RMP initialization can allow a local admin...
Low
Unreviewed
CVE-2025-48509
was published
Feb 10, 2026
Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series...
Low
Unreviewed
CVE-2025-25058
was published
Feb 10, 2026
In the context switch logic Xen attempts to skip an IBPB in the case of
a vCPU returning to a CPU...
Low
Unreviewed
CVE-2026-23553
was published
Jan 28, 2026
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of...
High
Unreviewed
CVE-2026-21913
was published
Jan 15, 2026
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function...
Moderate
Unreviewed
CVE-2025-14955
was published
Dec 19, 2025
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with...
Moderate
Unreviewed
CVE-2025-12902
was published
Nov 7, 2025
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor...
Low
Unreviewed
CVE-2024-36331
was published
Sep 6, 2025
ArrayQueue's push_front is not panic-safe
Moderate
GHSA-xqjr-wfx3-gmxv
was published
for
array-queue
(Rust)
Sep 2, 2025
IdMap from_iter may lead to uninitialized memory being freed on drop
Moderate
GHSA-qq4c-hm99-979m
was published
for
id-map
(Rust)
Aug 18, 2025
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet...
Low
Unreviewed
CVE-2025-24511
was published
Aug 12, 2025
AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by...
Moderate
Unreviewed
CVE-2025-22834
was published
Aug 12, 2025
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40...
Moderate
Unreviewed
CVE-2025-5745
was published
Jun 5, 2025
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39...
Moderate
Unreviewed
CVE-2025-5702
was published
Jun 5, 2025
Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may...
Moderate
Unreviewed
CVE-2025-21100
was published
May 13, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
ProTip!
Advisories are also available from the
GraphQL API