Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,846
Maven
5,000+
npm
4,478
NuGet
779
pip
4,233
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

25,521 advisories

Loading
Seroval affected by Denial of Service via Array serialization High
CVE-2026-23957 was published for seroval (npm) Jan 21, 2026
tweidinger lxsmnsyc
Credited to tweidinger and lxsmnsyc
seroval affected by Denial of Service via RegExp serialization High
CVE-2026-23956 was published for seroval (npm) Jan 21, 2026
tweidinger lxsmnsyc
Credited to tweidinger and lxsmnsyc
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization Moderate
CVE-2026-23946 was published for tendenci (pip) Jan 21, 2026
nedlir
Credited to nedlir
@envelop/graphql-modules has a Race Condition vulnerability High
GHSA-h3hw-29fv-2x75 was published for @envelop/graphql-modules (npm) Jan 21, 2026
DuckThom enisdenjo
ardatan
Credited to DuckThom, enisdenjo, and ardatan
go-tuf improperly validates the configured threshold for delegations Moderate
CVE-2026-23992 was published for github.com/theupdateframework/go-tuf (Go) Jan 21, 2026
1seal kommendorkapten
rdimitrov
Credited to 1seal, kommendorkapten, and rdimitrov
go-tuf affected by client DoS via malformed server response Moderate
CVE-2026-23991 was published for github.com/theupdateframework/go-tuf (Go) Jan 21, 2026
1seal kommendorkapten
rdimitrov
Credited to 1seal, kommendorkapten, and rdimitrov
sm-crypto Affected by Signature Forgery in SM2-DSA High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
sm-crypto Affected by Signature Malleability in SM2-DSA High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
sm-crypto Affected by Private Key Recovery in SM2-PKE Critical
CVE-2026-23966 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier Moderate
CVE-2026-23959 was published for coreshop/core-shop (Composer) Jan 21, 2026
bypazs PlyNatwara
Credited to bypazs and PlyNatwara
vLLM affected by RCE via auto_map dynamic module loading during model initialization High
CVE-2026-22807 was published for vllm (pip) Jan 21, 2026
zaddy6 arthurgervais
DarkLight1337 russellb
Credited to zaddy6, arthurgervais, DarkLight1337, and russellb
mailqueue TYPO3 extension affected by Insecure Deserialization Moderate
CVE-2026-0895 was published for cpsit/typo3-mailqueue (Composer) Jan 21, 2026
eliashaeussler
Credited to eliashaeussler
seroval Affected by Remote Code Execution via JSON Deserialization High
CVE-2026-23737 was published for seroval (npm) Jan 21, 2026
GabbeV tweidinger
lxsmnsyc
Credited to GabbeV, tweidinger, and lxsmnsyc
seroval Affected by Prototype Pollution via JSON Deserialization High
CVE-2026-23736 was published for seroval (npm) Jan 21, 2026
lxsmnsyc tweidinger
Credited to lxsmnsyc and tweidinger
Laravel Redis Horizontal Scaling Insecure Deserialization Critical
CVE-2026-23524 was published for laravel/reverb (Composer) Jan 21, 2026
m0h4mmad
Credited to m0h4mmad
ImageMagick has a NULL pointer dereference in MSL parser via <comment> tag before image load Moderate
CVE-2026-23952 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML Moderate
GHSA-qp59-x883-77qv was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
Keryer
Credited to Keryer
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS High
CVE-2026-23950 was published for tar (npm) Jan 21, 2026
tomasilluminati
Credited to tomasilluminati
ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript Moderate
CVE-2026-23874 was published for Magick.NET-Q16-AnyCPU (NuGet) Jan 21, 2026
OwenSanzas
Credited to OwenSanzas
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash Moderate
CVE-2026-23886 was published for github.com/swift-otel/swift-otel (Swift) Jan 21, 2026
czechboy0 slashmo
Credited to czechboy0 and slashmo
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper Moderate
CVE-2026-23885 was published for alchemy_cms (RubyGems) Jan 21, 2026
TheDeepOpc tvdeyen
Credited to TheDeepOpc and tvdeyen
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component Moderate
CVE-2026-23833 was published for esphome (pip) Jan 21, 2026
Mat931
Credited to Mat931
Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user Moderate
CVE-2026-23877 was published for swingmusic (pip) Jan 21, 2026
d-virtuosa
Credited to d-virtuosa
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login Moderate
CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) Jan 21, 2026
GUCHIHACKER hacdias
Credited to GUCHIHACKER and hacdias
SiYuan vulnerable to Arbitrary file Read / SSRF High
CVE-2026-23850 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 21, 2026
abdoghazy2015 xtromera
A-Z4ki
Credited to abdoghazy2015, xtromera, and A-Z4ki
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database