Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

13,368 advisories

Loading
SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) Low
GHSA-fpg4-jhqr-589c was published for @sveltejs/kit (npm) Feb 28, 2026
elliott-with-the-longest-name-on-github Credited to elliott-with-the-longest-name-on-github and jviide jviide jviide
ZITADEL has potential SSRF via Actions Low
CVE-2026-27945 was published for github.com/zitadel/zitadel/v2 (Go) Feb 27, 2026
IAM-marco Credited to IAM-marco and livio-a livio-a livio-a
Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an... Low Unreviewed
CVE-2026-22717 was published Feb 27, 2026
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass Low
CVE-2025-12150 was published for org.keycloak:keycloak-services (Maven) Feb 27, 2026
Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner Low
CVE-2026-3293 was published for net.snowflake:snowflake-jdbc (Maven) Feb 27, 2026
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling... Low Unreviewed
CVE-2026-22877 was published Feb 27, 2026
A vulnerability has been found in libvips 8.19.0. This issue affects the function... Low Unreviewed
CVE-2026-3283 was published Feb 27, 2026
A flaw has been found in libvips 8.19.0. This vulnerability affects the function... Low Unreviewed
CVE-2026-3282 was published Feb 27, 2026
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the... Low Unreviewed
CVE-2026-3285 was published Feb 27, 2026
PSI Probe: Broken access control can lead to DoS Low
CVE-2026-3269 was published for com.github.psi-probe:psi-probe-core (Maven) Feb 27, 2026
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder Low
CVE-2026-27942 was published for fast-xml-parser (npm) Feb 26, 2026
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data Low
CVE-2026-27838 was published for wger (pip) Feb 26, 2026
ByamB4 Credited to ByamB4
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of... Low Unreviewed
CVE-2026-23749 was published Feb 26, 2026
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the... Low Unreviewed
CVE-2026-26228 was published Feb 26, 2026
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at... Low Unreviewed
CVE-2026-1694 was published Feb 26, 2026
Some HTTP security headers are not properly set by the web server when sending responses to the... Low Unreviewed
CVE-2026-1696 was published Feb 26, 2026
CIRCL has an incorrect calculation in secp384r1 CombinedMult Low
CVE-2026-1229 was published for github.com/cloudflare/circl (Go) Feb 25, 2026
ImageMagick: Heap-based Buffer Overflow in GetPixelIndex due to metadata-cache desynchronization Low
GHSA-gq5v-qf8q-fp77 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory Leak in multiple coders that write raw pixel data Low
GHSA-wfx3-6g53-9fgc was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
ImageMagick: Memory leak in coders/txt.c without freetype Low
GHSA-3q5f-gmjc-38r8 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
unbengable12 Credited to unbengable12
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c Low
GHSA-xpg8-7m6m-jf56 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
phenggeler Credited to phenggeler
ImageMagick: Malicious PCD files trigger 1‑byte heap Out-of-bounds Read and DoS Low
GHSA-wgxp-q8xq-wpp9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
mageMagick has a possible use-after-free write in its PDB decoder Low
GHSA-3j4x-rwrx-xxj9 was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
zerojackyi Credited to zerojackyi
ImageMagick has a possible heap Use After Free vulnerability in its meta coder Low
GHSA-2gq3-ww97-wfjm was published for Magick.NET-Q16-AnyCPU (NuGet) Feb 25, 2026
ylwango613 Credited to ylwango613
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type Low
GHSA-6j87-m5qx-9fqp was published for craftcms/cms (Composer) Feb 25, 2026
mHe4am Credited to mHe4am
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database