GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Incus has an arbitrary file write through its systemd-creds options Critical
CVE-2026-33945 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
Credited to stgraber, grmpyninja, and stamparm
Local Incus UI web server vulnerable to authentication bypass High
CVE-2026-33898 was published for github.com/lxc/incus/v6/cmd/incus (Go) Mar 27, 2026
Credited to grmpyninja and stgraber
Incus vulnerable to arbitrary file read and write through pongo templates Critical
CVE-2026-33897 was published for github.com/lxc/incus (Go) Mar 27, 2026
Credited to grmpyninja and stgraber
Incus vulnerable to denial of service through crafted bucket backup file Moderate
CVE-2026-33743 was published for github.com/lxc/incus (Go) Mar 27, 2026
Credited to stamparm and stgraber
Incus vulnerable to local privilege escalation through VM screenshot path Moderate
CVE-2026-33711 was published for github.com/lxc/incus/v6 (Go) Mar 27, 2026
Credited to stamparm and stgraber
Incus does not verify combined fingerprint when downloading images from simplestreams servers High
CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026
Credited to wl2018 and stgraber
Incus container image templating arbitrary host file read and write High
CVE-2026-23954 was published for github.com/lxc/incus/v6/cmd/incusd (Go) Jan 22, 2026
Credited to rmcnamara-snyk and stgraber
Incus container environment configuration newline injection High
CVE-2026-23953 was published for github.com/lxc/incus/v6 (Go) Jan 22, 2026
Credited to rmcnamara-snyk and stgraber
LXD vulnerable to a local privilege escalation through custom storage volumes High
GHSA-3g2j-vm47-x4mj was published for github.com/canonical/lxd (Go) Nov 13, 2025
Credited to abdodz1234 and stgraber
Incus vulnerable to local privilege escalation through custom storage volumes High
CVE-2025-64507 was published for github.com/lxc/incus/v6 (Go) Nov 13, 2025
Credited to abdodz1234, stgraber, and hallyn
Incus creates nftables rules that partially bypass security options High
CVE-2025-52890 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
Credited to obalpetre-anssi and stgraber
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks Low
CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
Credited to obalpetre-anssi and stgraber