GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,273
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,489
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Incus has an arbitrary file write on its client due to trusted image hash
Critical
CVE-2026-48769
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)
Low
CVE-2026-48756
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an argument injection in backup compression algorithm leading to AFW and ACE
Critical
CVE-2026-48755
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}
Low
CVE-2026-48754
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file write via path traversal in S3 multipart upload
Critical
CVE-2026-48753
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has arbitrary file read+write on host via templates/ symlink in malicious image
Critical
CVE-2026-48752
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has a restricted project bypass leading to arbitrary command execution
Critical
CVE-2026-48751
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file write on host via `exec-output` symlink in crafted image
Critical
CVE-2026-48750
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image
Critical
CVE-2026-48749
was published
for
github.com/lxc/incus/v7/cmd/incusd
(Go)
Jun 26, 2026
Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted)
Moderate
CVE-2026-47753
was published
for
github.com/lxc/incus/v7
(Go)
Jun 10, 2026
Incus is affected by unbounded binary import disk exhaustion
Moderate
CVE-2026-41685
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil Dereferences on Restore via Malformed YAML
Moderate
CVE-2026-41684
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Unbounded YAML Metadata Decode via Parsing
Moderate
CVE-2026-41648
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Nil-Pointer Dereference via S3 Bucket Import
Moderate
CVE-2026-41647
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference via Custom Volume Import
High
CVE-2026-40197
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus Vulnerable to Panic via Snapshot Bounds Check
High
CVE-2026-40251
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Low
CVE-2026-40243
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has a Nil-Pointer Dereference Panic via Bucket Metadata
High
CVE-2026-40195
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus has Blind SSRF via Image Import Preflight HEAD
Moderate
CVE-2026-35527
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
May 4, 2026
Incus does not verify combined fingerprint when downloading images from simplestreams servers
High
CVE-2026-33542
was published
for
github.com/lxc/incus/v6/client
(Go)
Mar 27, 2026
Incus vulnerable to local privilege escalation through custom storage volumes
High
CVE-2025-64507
was published
for
github.com/lxc/incus/v6
(Go)
Nov 13, 2025
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
Low
CVE-2025-52889
was published
for
github.com/lxc/incus/v6
(Go)
Jun 26, 2025
Incus container image templating arbitrary host file read and write
High
CVE-2026-23954
was published
for
github.com/lxc/incus/v6/cmd/incusd
(Go)
Jan 22, 2026
Incus container environment configuration newline injection
High
CVE-2026-23953
was published
for
github.com/lxc/incus/v6
(Go)
Jan 22, 2026
Incus has an abitrary file write through its systemd-creds options
Critical
CVE-2026-33945
was published
for
github.com/lxc/incus/v6
(Go)
Mar 27, 2026
ProTip!
Advisories are also available from the
GraphQL API