GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,273
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
LXD vulnerable to a local privilege escalation through custom storage volumes
High
GHSA-3g2j-vm47-x4mj
was published
for
github.com/canonical/lxd
(Go)
Nov 13, 2025
Incus creates nftables rules that partially bypass security options
High
CVE-2025-52890
was published
for
github.com/lxc/incus/v6
(Go)
Jun 26, 2025
Incus vulnerable to local privilege escalation through VM screenshot path
Moderate
CVE-2026-33711
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
Incus vulnerable to denial of source through crafted bucket backup file
Moderate
CVE-2026-33743
was published
for
github.com/lxc/incus
(Go)
Mar 27, 2026
Incus vulnerable to arbitrary file read and write through pongo templates
Critical
CVE-2026-33897
was published
for
github.com/lxc/incus
(Go)
Mar 27, 2026
Local Incus UI web server vulnerable to nuthentication bypass
High
CVE-2026-33898
was published
for
github.com/lxc/incus/v6/cmd/incus
(Go)
Mar 27, 2026
Incus has an abitrary file write through its systemd-creds options
Critical
CVE-2026-33945
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
Incus container environment configuration newline injection
High
CVE-2026-23953
was published
for
github.com/lxc/incus/v6
(Go)
Jan 22, 2026
Incus container image templating arbitrary host file read and write
High
CVE-2026-23954
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
Jan 22, 2026
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
Low
CVE-2025-52889
was published
for
github.com/lxc/incus/v6
(Go)
Jun 26, 2025
Incus vulnerable to local privilege escalation through custom storage volumes
High
CVE-2025-64507
was published
for
github.com/lxc/incus/v6
(Go)
Nov 13, 2025
Incus does not verify combined fingerprint when downloading images from simplestreams servers
High
CVE-2026-33542
was published
for
github.com/lxc/incus/v6/client
(Go)
Mar 27, 2026
Incus has Blind SSRF via Image Import Preflight HEAD
Moderate
CVE-2026-35527
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
High
CVE-2026-40195
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Low
CVE-2026-40243
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus Vulnerable to Panic via Snapshot Bounds Check
High
CVE-2026-40251
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference via Custom Volume Import
High
CVE-2026-40197
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil-Pointer Dereference via S3 Bucket Import
Moderate
CVE-2026-41647
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Unbounded YAML Metadata Decode via Parsing
Moderate
CVE-2026-41648
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil Dereferences on Restore via Malformed YAML
Moderate
CVE-2026-41684
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus is affected by unbounded binary import disk exhaustion
Moderate
CVE-2026-41685
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted)
Moderate
CVE-2026-47753
was published
for
github.com/lxc/incus/v7
(Go)
Jun 10, 2026
Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
Critical
CVE-2026-48749
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
Critical
CVE-2026-48750
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has a restricted project bypass leading to arbitrary command execution
Critical
CVE-2026-48751
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
ProTip!
Advisories are also available from the
GraphQL API