GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,273
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
High
CVE-2026-49451
was published
for
Microsoft.OpenAPI
(NuGet)
Jun 30, 2026
Duplicate Advisory: Hackney has an Allocation of Resources Without Limits or Throttling vulnerabilit
High
GHSA-76v6-f83q-pxvh
was published
for
hackney
(Erlang)
May 26, 2026
•
withdrawn
Electerm Local code through electerm's single-instance socket
Critical
CVE-2026-45353
was published
for
electerm
(npm)
May 14, 2026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical
CVE-2026-33026
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 30, 2026
@enclave-vm/core is vulnerable to Sandbox Escape
Critical
CVE-2026-27597
was published
for
@enclave-vm/core
(npm)
Feb 25, 2026
Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise
Critical
CVE-2026-26190
was published
for
github.com/milvus-io/milvus
(Go)
Feb 11, 2026
Karmada Dashboard API Unauthorized Access Vulnerability
Critical
CVE-2025-62714
was published
for
github.com/karmada-io/dashboard
(Go)
Oct 24, 2025
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215
was published
for
github.com/nats-io/nats-server/v2
(Go)
Apr 15, 2025
Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Moderate
CVE-2025-31135
was published
for
github.com/phires/go-guerrilla
(Go)
Apr 1, 2025
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Moderate
GHSA-r4pg-vg54-wxx4
was published
for
github.com/cert-manager/cert-manager
(Go)
Nov 20, 2024
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009
was published
for
github.com/runatlantis/atlantis
(Go)
Nov 8, 2024
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj
was published
for
github.com/cometbft/cometbft
(Go)
Nov 6, 2024
CoreDNS Cache Poisoning via a birthday attack
Moderate
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
CosmWasm wasmd has large address count in ValidateBasic
Moderate
GHSA-m3rh-cvr5-x6q4
was published
for
github.com/CosmWasm/wasmd
(Go)
Aug 8, 2024
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Critical
CVE-2024-2952
was published
for
litellm
(pip)
Apr 10, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High
CVE-2024-23828
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
High
CVE-2024-22198
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
High
CVE-2024-22197
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
High
CVE-2024-22196
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 11, 2024
Kube-proxy may unintentionally forward traffic
Moderate
CVE-2021-25736
was published
for
k8s.io/kubernetes
(Go)
Oct 30, 2023
langchain vulnerable to arbitrary code execution
Critical
CVE-2023-36188
was published
for
langchain
(pip)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API