GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

14 advisories

Django has an SQL Injection issue Moderate
CVE-2026-1312 was published for Django (pip) Feb 3, 2026
Credited to sunnypatell
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Moderate
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
Credited to sv-LayZ, danharrin, and sunnypatell
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Low
CVE-2024-58262 was published for curve25519-dalek (Rust) Jun 18, 2024
Credited to sunnypatell
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials High
CVE-2024-28110 was published for github.com/cloudevents/sdk-go/v2 (Go) Mar 6, 2024
Credited to mattmoor, tcnghia, and sunnypatell
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits High
CVE-2024-28101 was published for apollo-router (Rust) Mar 6, 2024
Credited to IvanGoncharov, Geal, peakematt, and sunnypatell
*const c_void / ExternalPointer unsoundness leading to use-after-free High
CVE-2024-27934 was published for Deno (Rust) Mar 6, 2024
Credited to leesh3288 and sunnypatell
Remote Code Execution by uploading a phar file using frontmatter High
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Credited to Universe1122 and sunnypatell
Shopware's session is persistent in Cache for 404 pages High
CVE-2024-27917 was published for shopware/platform (Composer) Mar 6, 2024
Credited to sunnypatell
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability High
CVE-2024-21386 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Feb 13, 2024
Credited to bbossola, gillarramendi, and sunnypatell
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
Credited to sunnypatell
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
Credited to sunnypatell
Improper handling of multiline messages in node-irc High
GHSA-52rh-5rpj-c3w6 was published for matrix-org-irc (npm) May 5, 2022
Credited to kurt-r2c and sunnypatell
SQL Injection in typeorm Critical
GHSA-w7q7-vjp8-7jv4 was published for typeorm (npm) Jun 6, 2019
Credited to sunnypatell
Path Traversal in angular-http-server High
GHSA-vmhw-fhj6-m3g5 was published for angular-http-server (npm) May 31, 2019
Credited to sunnypatell