GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
Alist vulnerable to Path Traversal in multiple file operation handlers
High
CVE-2026-25161 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026

Alist has Insecure TLS Config
Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026

OpenList has Insecure TLS Default Configuration
High
CVE-2026-25060 was published for github.com/OpenListTeam/OpenList/v4 (Go) Feb 2, 2026

OpenList vulnerable to Path Traversal in file copy and remove handlers
High
CVE-2026-25059 was published for github.com/OpenListTeam/OpenList/v4 (Go) Feb 2, 2026

sm-crypto Affected by Signature Forgery in SM2-DSA
High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026

sm-crypto Affected by Signature Malleability in SM2-DSA
High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026

sm-crypto Affected by Private Key Recovery in SM2-PKE
Critical
CVE-2026-23966 was published for sm-crypto (npm) Jan 21, 2026

RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
High
CVE-2026-22700 was published for sm2 (Rust) Jan 13, 2026

SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
High
CVE-2026-22699 was published for sm2 (Rust) Jan 9, 2026

SM2-PKE has 32-bit Biased Nonce Vulnerability
High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
High
GHSA-j44m-5v8f-gc9c was published for flowise (npm) Oct 10, 2025

gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks
High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
ProTip! Advisories are also available from the GraphQL API