GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 41
Go: 3,043
Maven: 5,000+
npm: 4,781
NuGet: 825
pip: 4,382
Pub: 12
RubyGems: 987
Rust: 1,143
Swift: 50

Unreviewed advisories
All unreviewed: 5,000+

317,861 advisories

ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
High | CVE-2026-27946 was published for github.com/zitadel/zitadel (Go) | Feb 27, 2026

ZITADEL's truncated opaque tokens are still valid
Moderate | CVE-2026-27840 was published for github.com/zitadel/zitadel (Go) | Feb 27, 2026

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint
High | CVE-2026-27836 was published for thorsten/phpmyfaq (Composer) | Feb 27, 2026

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID
Moderate | CVE-2026-27734 was published for github.com/henrygd/beszel (Go) | Feb 27, 2026

registry-support: decompress can delete files outside scope via relative paths
Moderate | CVE-2024-1485 was published for github.com/devfile/registry-support/registry-library (Go) | Feb 14, 2024

Eclipse Vert.x vulnerable to a memory leak in TCP servers
Moderate | CVE-2024-1300 was published for io.vertx:vertx-core (Maven) | Apr 2, 2024

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High | CVE-2023-50782 was published for cryptography (pip) | Feb 5, 2024

m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Moderate | CVE-2023-50781 was published for m2crypto (pip) | Feb 5, 2024

Authorization bypass in Quarkus
High | CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) | Dec 9, 2023

esm.sh is vulnerable to full-response SSRF
High | CVE-2025-50180 was published for github.com/esm-dev/esm.sh (Go) | Feb 25, 2026

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
High | CVE-2026-27727 was published for com.mchange:mchange-commons-java (Maven) | Feb 25, 2026

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
Critical | CVE-2026-27728 was published for @oneuptime/common (npm) | Feb 25, 2026

Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
High | CVE-2026-27700 was published for hono (npm) | Feb 25, 2026

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Low | CVE-2026-22866 was published for @ensdomains/ens-contracts (npm) | Feb 25, 2026

Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq`
Low | GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) | Feb 12, 2026

Budibase Improper Control of Dynamically-Managed Code Resources vulnerability
Moderate | CVE-2022-3225 was published for @budibase/bbui (npm) | Sep 17, 2022

deepHas vulnerable to Prototype Pollution via constructor.prototype
Critical | CVE-2026-25047 was published for deephas (npm) | Jan 29, 2026

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Moderate | CVE-2026-26315 was published for github.com/ethereum/go-ethereum (Go) | Feb 18, 2026

NeuVector scanner insecurely handles passwords as command arguments
Low | CVE-2025-67860 was published for github.com/neuvector/scanner (Go) | Feb 12, 2026

Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Critical | CVE-2025-62878 was published for github.com/rancher/local-path-provisioner (Go) | Feb 4, 2026

Rancher CLI skips TLS verification on Rancher CLI login command
High | CVE-2025-67601 was published for github.com/rancher/rancher (Go) | Feb 1, 2026

Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
High | CVE-2026-27598 was published for github.com/dagu-org/dagu (Go) | Feb 24, 2026

Go Ethereum affected by DoS via malicious p2p message
High | CVE-2026-26314 was published for github.com/ethereum/go-ethereum (Go) | Feb 18, 2026

Go Ethereum affected by DoS via malicious p2p message
Moderate | CVE-2026-26313 was published for github.com/ethereum/go-ethereum (Go) | Feb 18, 2026

uTLS has a fingerprint vulnerability from missing padding extension for Chrome 120
Low | CVE-2026-26995 was published for github.com/refraction-networking/utls (Go) | Feb 18, 2026

ProTip! Advisories are also available from the GraphQL API