Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,957
Maven
5,000+
npm
4,607
NuGet
788
pip
4,307
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Preact has JSON VNode Injection issue High
CVE-2026-22028 was published for preact (npm) Jan 7, 2026
Xvezda
Credited to Xvezda
astral-tokio-tar Vulnerable to PAX Header Desynchronization High
CVE-2025-62518 was published for astral-tokio-tar (Rust) Oct 21, 2025
woodruffw tycho
azenla anners mnm678 zanieb joshbressers
Credited to woodruffw, tycho, azenla, anners, mnm678, zanieb, and joshbressers
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter High
CVE-2025-22153 was published for RestrictedPython (pip) Jan 23, 2025
icemac Nico-Posada
dataflake tseaver
Credited to icemac, Nico-Posada, dataflake, and tseaver
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
eyre: Parts of Report are dropped as the wrong type during downcast High
GHSA-4v52-7q2x-v4xj was published for eyre (Rust) Apr 5, 2024
Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions High
GHSA-r3vq-92c6-3mqf was published for @sequelize/core (npm) Feb 16, 2023 withdrawn
Vulnerable OpenSSL included in cryptography wheels High
CVE-2023-0286 was published for cryptography (pip) Feb 8, 2023
ehe9991
Credited to ehe9991
Nokogiri implementation of libxslt vulnerable to heap corruption High
CVE-2019-5815 was published for nokogiri (RubyGems) May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri High
CVE-2019-13118 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type High
CVE-2022-29181 was published for nokogiri (RubyGems) May 23, 2022
agustingianni decsecre583
Credited to agustingianni and decsecre583
ChakraCore RCE Vulnerability High
CVE-2016-7201 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8384 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8298 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8291 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8229 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
ChakraCore RCE Vulnerability High
CVE-2018-8133 was published for Microsoft.ChakraCore (NuGet) May 13, 2022
Type Confusion in LiveHelperChat High
CVE-2022-1176 was published for remdex/livehelperchat (Composer) Apr 1, 2022
`CHECK`-failures in Tensorflow High
CVE-2022-21734 was published for tensorflow (pip) Feb 10, 2022
Type confusion leading to segfault in Tensorflow High
CVE-2022-21731 was published for tensorflow (pip) Feb 10, 2022
Prototype Pollution in set-value High
CVE-2021-23440 was published for set-value (npm) Sep 13, 2021
mroch
Credited to mroch
Data races in model High
CVE-2020-36460 was published for model (Rust) Aug 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database