GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,950 advisories
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
High severity. CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) on Feb 6, 2026

Antrea has invalid enforcement order for network policy rules caused by integer overflow
High severity. CVE-2026-25804 was published for antrea.io/antrea (Go) on Feb 6, 2026

LookupResources Cursor section tampering can crash SpiceDB process via tuple.MustParse panic
Low severity. GHSA-vhvq-fv9f-wh4q was published for github.com/authzed/spicedb (Go) on Feb 6, 2026

Blocklist Bypass possible via ECDSA Signature Malleability
High severity. CVE-2026-25793 was published for github.com/slackhq/nebula (Go) on Feb 6, 2026

Gogs has authorization bypass in repository deletion API
Moderate severity. CVE-2025-65852 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs vulnerable to Stored XSS via Mermaid diagrams
High severity. GHSA-26gq-grmh-6xm6 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gophish is vulnerable to Incorrect Access Control
Moderate severity. CVE-2025-70963 was published for github.com/gophish/gophish (Go) on Feb 6, 2026

Mattermost Confluence plugin doesn't properly escape user-controlled display names in HTML template rendering
High severity. CVE-2025-13523 was published for github.com/mattermost/mattermost-plugin-confluence (Go) on Feb 6, 2026

Gogs vulnerable to arbitrary file deletion via Path Traversal in wiki page update
High severity. CVE-2026-24135 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs has arbitrary file read/write via Path Traversal in Git hook editing
Moderate severity. CVE-2026-23633 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs user can update repository content with read-only permission
Moderate severity. CVE-2026-23632 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs has a Denial of Service issue
Moderate severity. CVE-2026-22592 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs Vulnerable to 2FA Bypass via Recovery Code
High severity. CVE-2025-64175 was published for gogs.io/gogs (Go) on Feb 6, 2026

Gogs's update .git/config file allows remote command execution
Critical severity. CVE-2025-64111 was published for gogs.io/gogs (Go) on Feb 6, 2026

Sliver Vulnerable to Website Path Traversal / Arbitrary File Read (Authenticated)
Moderate severity. CVE-2026-25760 was published for github.com/bishopfox/sliver (Go) on Feb 5, 2026

OpenFGA Improper Policy Enforcement
Moderate severity. CVE-2026-24851 was published for github.com/openfga/openfga (Go) on Feb 5, 2026

OpenCloud Affected by Public Link Exploit
High severity. GHSA-vf5j-r2hw-2hrw was published for github.com/opencloud-eu/opencloud (Go) on Feb 5, 2026

OpenCloud Reva has a Public Link Exploit
High severity. CVE-2026-23989 was published for github.com/opencloud-eu/reva/v2 (Go) on Feb 5, 2026

FrankenPHP has delayed propagation of security fixes in upstream base images
Critical severity. GHSA-x9p2-77v6-6vhf was published for github.com/dunglas/frankenphp (Go) on Feb 5, 2026

EVE Has Partially Predetermined Vault Key
Moderate severity. CVE-2023-43637 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026

EVE Doesn't Protect Rootfs
Moderate severity. CVE-2023-43636 was published for github.com/lf-edge/eve/pkg/grub (Go) on Feb 4, 2026

EVE Seals Vault Key With SHA1 PCRs
Moderate severity. CVE-2023-43635 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026

EVE Doesn't Protect Config Partition with Measured Boot
Moderate severity. CVE-2023-43634 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026

EVE's Debug Functions Unlockable Without Triggering Measured Boot
Moderate severity. CVE-2023-43633 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026

EVE Freely Allocates Buffer on The Stack With Data From Socket
Moderate severity. CVE-2023-43632 was published for github.com/lf-edge/eve (Go) on Feb 4, 2026
ProTip! Advisories are also available from the GraphQL API.