GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
309 advisories
Filter by severity
A malicious actor with access to the network and under certain conditions could exploit an...
High
Unreviewed
CVE-2026-54409
was published
Jul 2, 2026
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Moderate
CVE-2026-54777
was published
for
CoreWCF.NetNamedPipe
(NuGet)
Jun 19, 2026
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation...
Moderate
Unreviewed
CVE-2026-12539
was published
Jun 18, 2026
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Moderate
GHSA-cmwh-pvxp-8882
was published
for
dompurify
(npm)
Jun 18, 2026
aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence
Low
CVE-2026-54279
was published
for
aiohttp
(pip)
Jun 15, 2026
PyTorch: Manipulation of the argument scale/zero_point leads to improper initialization via Quantized Sigmoid Module
Low
CVE-2025-2149
was published
for
torch
(pip)
Mar 10, 2025
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal...
Moderate
Unreviewed
CVE-2025-35991
was published
May 12, 2026
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable:...
Moderate
Unreviewed
CVE-2024-45018
was published
Sep 11, 2024
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix...
Moderate
Unreviewed
CVE-2024-38558
was published
Jun 19, 2024
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)
High
GHSA-f5v8-v6q3-q4h6
was published
for
Meridian.Mapping
(NuGet)
Apr 16, 2026
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10...
High
Unreviewed
CVE-2008-3637
was published
May 2, 2022
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite ...
Moderate
Unreviewed
CVE-2018-2934
was published
May 13, 2022
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP...
Moderate
Unreviewed
CVE-2001-1471
was published
Apr 30, 2022
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure...
Low
Unreviewed
CVE-2021-36319
was published
Nov 21, 2021
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which...
High
Unreviewed
CVE-2008-0062
was published
May 1, 2022
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that...
High
Unreviewed
CVE-2026-0940
was published
Mar 11, 2026
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for...
High
Unreviewed
CVE-2025-66363
was published
Mar 3, 2026
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function...
Moderate
Unreviewed
CVE-2025-14955
was published
Dec 19, 2025
filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity
Low
CVE-2026-26958
was published
for
filippo.io/edwards25519
(Go)
Feb 18, 2026
Missing Checks in certain functions related to RMP initialization can allow a local admin...
Low
Unreviewed
CVE-2025-48509
was published
Feb 10, 2026
Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series...
Low
Unreviewed
CVE-2025-25058
was published
Feb 10, 2026
In the context switch logic Xen attempts to skip an IBPB in the case of
a vCPU returning to a CPU...
Low
Unreviewed
CVE-2026-23553
was published
Jan 28, 2026
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of...
High
Unreviewed
CVE-2026-21913
was published
Jan 15, 2026
Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Moderate
CVE-2024-12289
was published
for
github.com/hashicorp/boundary
(Go)
Dec 13, 2024
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with...
Moderate
Unreviewed
CVE-2025-12902
was published
Nov 7, 2025
ProTip!
Advisories are also available from the
GraphQL API