Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,954
Maven
5,000+
npm
4,606
NuGet
787
pip
4,305
Pub
12
RubyGems
984
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,346 advisories

Loading
go-git improperly verifies data integrity values for .idx and .pack files Moderate
CVE-2026-25934 was published for github.com/go-git/go-git/v5 (Go) Feb 10, 2026
N0zoM1z0
Credited to N0zoM1z0
File Browser has an Authentication Bypass in User Password Update Moderate
CVE-2026-25889 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 10, 2026
dogadmin hacdias
Credited to dogadmin and hacdias
Gogs has authorization bypass in repository deletion API Moderate
CVE-2025-65852 was published for gogs.io/gogs (Go) Feb 6, 2026
Yannis175
Credited to Yannis175
Gophish is vulnerable to Incorrect Access Control Moderate
CVE-2025-70963 was published for github.com/gophish/gophish (Go) Feb 6, 2026
Gogs has arbitrary file read/write via Path Traversal in Git hook editing Moderate
CVE-2026-23633 was published for gogs.io/gogs (Go) Feb 6, 2026
odgrso
Credited to odgrso
Gogs user can update repository content with read-only permission Moderate
CVE-2026-23632 was published for gogs.io/gogs (Go) Feb 6, 2026
odgrso
Credited to odgrso
Gogs has a Denial of Service issue Moderate
CVE-2026-22592 was published for gogs.io/gogs (Go) Feb 6, 2026
Neptunium931
Credited to Neptunium931
Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated) Moderate
CVE-2026-25760 was published for github.com/bishopfox/sliver (Go) Feb 5, 2026
xtle0o0
Credited to xtle0o0
OpenFGA Improper Policy Enforcement Moderate
CVE-2026-24851 was published for github.com/openfga/openfga (Go) Feb 5, 2026
EVE Has Partially Predetermined Vault Key Moderate
CVE-2023-43637 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Protect Rootfs Moderate
CVE-2023-43636 was published for github.com/lf-edge/eve/pkg/grub (Go) Feb 4, 2026
EVE Seals Vault Key With SHA1 PCRs Moderate
CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Protect Config Partition with Measured Boot Moderate
CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE's Debug Functions Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Freely Allocates Buffer on The Stack With Data From Socket Moderate
CVE-2023-43632 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE: SSH as Root Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE Doesn't Measure Config Partition From 2 Fronts Moderate
CVE-2023-43630 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability Moderate
CVE-2026-24735 was published for github.com/apache/answer (Go) Feb 4, 2026
ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2026-24514 was published for k8s.io/ingress-nginx (Go) Feb 4, 2026
Navidrome has XSS via comment from song metadata Moderate
CVE-2026-25578 was published for github.com/navidrome/navidrome (Go) Feb 4, 2026
AlexGustafsson
Credited to AlexGustafsson
melange has a path traversal in license-path which allows reading files outside workspace Moderate
CVE-2026-25145 was published for chainguard.dev/melange (Go) Feb 4, 2026
1seal sil2100
antitree egibs eslerm
Credited to 1seal, sil2100, antitree, egibs, and eslerm
apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams Moderate
CVE-2026-25122 was published for chainguard.dev/apko (Go) Feb 3, 2026
1seal egibs
antitree jdolitsky
Credited to 1seal, egibs, antitree, and jdolitsky
cert-manager-controller DoS via Specially Crafted DNS Response Moderate
CVE-2026-25518 was published for github.com/cert-manager/cert-manager (Go) Feb 2, 2026
1seal SgtCoDFish
Credited to 1seal and SgtCoDFish
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow Moderate
GHSA-grh9-37g7-53mj was published for github.com/h44z/wg-portal (Go) Feb 2, 2026
coolsarne floerer
Credited to coolsarne and floerer
malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction Moderate
CVE-2026-24846 was published for github.com/chainguard-dev/malcontent (Go) Jan 29, 2026
1seal egibs
antitree stevebeattie eslerm
Credited to 1seal, egibs, antitree, stevebeattie, and eslerm
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database