GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
50 advisories
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Moderate
CVE-2026-27120 was published for leaf-kit (Swift) Feb 19, 2026

Container and Containerization archive extraction does not guard against escapes from extraction base directory.
Low
CVE-2026-20613 was published for github.com/apple/container (Swift) Jan 22, 2026

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
Moderate
CVE-2026-23886 was published for github.com/swift-otel/swift-otel (Swift) Jan 21, 2026

jose-swift has JWT Signature Verification Bypass via None Algorithm
High
GHSA-88q6-jcjg-hvmw was published for github.com/beatt83/jose-swift (Swift) Jan 9, 2026

AWS SDK for Swift adopted defense in depth enhancement for region parameter value
Low
GHSA-pc9j-5v36-2mww was published for github.com/awslabs/aws-sdk-swift (Swift) Jan 8, 2026

swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability
Moderate
GHSA-xvr7-p2c6-j83w was published for github.com/apple/swift-nio-http2 (Swift) Aug 13, 2025

ExecuTorch integer overflow vulnerability
Critical
CVE-2025-30404 was published for executorch (Maven) Aug 8, 2025

ExecuTorch heap buffer overflow vulnerability
Critical
CVE-2025-54949 was published for executorch (Maven) Aug 8, 2025

ExecuTorch vulnerable to Heap-based Buffer Overflow
Critical
CVE-2025-54951 was published for executorch (Maven) Aug 8, 2025

ExecuTorch integer overflow vulnerability
Critical
CVE-2025-30405 was published for executorch (Maven) Aug 8, 2025

ExecuTorch out-of-bounds access vulnerability
Critical
CVE-2025-54950 was published for executorch (Maven) Aug 8, 2025

ExecuTorch vulnerable to Heap-based Buffer Overflow attack
High
CVE-2025-30402 was published for executorch (Maven) Jul 11, 2025

Sparkle Signing Checks Bypass
High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025

CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
Low
CVE-2025-0343 was published for github.com/apple/swift-asn1 (Swift) Jan 14, 2025

wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024

Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024

yyjson has a Double Free vulnerability
High
CVE-2024-25713 was published for github.com/ibireme/yyjson (Swift) Feb 29, 2024

Vapor contains an integer overflow in URI leading to potential host spoofing
Moderate
CVE-2024-21631 was published for github.com/vapor/vapor (Swift) Jan 3, 2024

pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023

HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487 was published for com.typesafe.akka:akka-http-core (Go) Oct 10, 2023

Vapor's incorrect request error handling triggers server crash
Moderate
CVE-2023-44386 was published for github.com/vapor/vapor (Swift) Oct 5, 2023

Path traversal in Zip Swift
High
CVE-2023-39135 was published for github.com/marmelroy/Zip (Swift) Aug 31, 2023

Path traversal in ZIPFoundation
High
CVE-2023-39138 was published for github.com/weichsel/ZIPFoundation (Swift) Aug 31, 2023

MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023

SwiftTerm Code Injection vulnerability
High
CVE-2022-23465 was published for github.com/migueldeicaza/SwiftTerm (Swift) Jul 14, 2023