Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,521
Maven
5,000+
npm
5,000+
NuGet
912
pip
4,768
Pub
13
RubyGems
1,036
Rust
1,229
Swift
53
Unreviewed advisories
All unreviewed
5,000+

4 advisories

Loading
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead High
CVE-2026-27889 was published for github.com/nats-io/nats-server (Go) Mar 25, 2026
Mistz1 Credited to Mistz1 and jiayuqi7813 jiayuqi7813 jiayuqi7813
New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check Moderate
CVE-2026-30886 was published for github.com/QuantumNous/new-api (Go) Mar 23, 2026
Mistz1 Credited to Mistz1 and Calcium-Ion Calcium-Ion Calcium-Ion
ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor High
CVE-2026-27953 was published for ormar (pip) Mar 19, 2026
Mistz1 Credited to Mistz1
Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass High
CVE-2026-27939 was published for statamic/cms (Composer) Feb 27, 2026
Mistz1 Credited to Mistz1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database